2018/07/17 02:03:13 fuzzer started 2018/07/17 02:03:13 dialing manager at 127.0.0.1:33665 2018/07/17 02:03:13 syscalls: 213 2018/07/17 02:03:13 code coverage: support is not implemented in syzkaller 2018/07/17 02:03:13 comparison tracing: support is not implemented in syzkaller 2018/07/17 02:03:13 setuid sandbox: support is not implemented in syzkaller 2018/07/17 02:03:13 namespace sandbox: support is not implemented in syzkaller 2018/07/17 02:03:13 fault injection: support is not implemented in syzkaller 2018/07/17 02:03:13 leak checking: support is not implemented in syzkaller 2018/07/17 02:03:13 net packed injection: support is not implemented in syzkaller 2018/07/17 02:03:13 net device setup: support is not implemented in syzkaller 02:03:14 executing program 0: openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000000)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) r0 = openat$net_ipifc_0_err(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0) r1 = proc_create(&(0x7f0000000080)='./file0\x00', 0x8, &(0x7f00000000c0)='}:\'\x00', 0x4, 0x1) poke_ksched(r1, 0x0) fcntl$F_SETFL(r0, 0x4, 0x8000) link(&(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)='./file0\x00', 0x8) openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) close(r0) r2 = openat$dev_consctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/consctl\x00', 0xd, 0x3, 0x0) link(&(0x7f0000000200)='./file0\x00', 0x8, &(0x7f0000000240)='./file0\x00', 0x8) close(r2) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000280)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) fcntl$F_GETFL(r2, 0x3) openat$net_tcp_2_remote(0xffffffffffffff9c, &(0x7f00000002c0)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0) openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000300)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0) self_notify(0x1, 0xf, &(0x7f0000000400)={0xa, 0x80, 0x0, &(0x7f0000000340)="0761eb54504ea61df50c4954188340055afe6afb975b98d319e8597f8b5ef811e60b1b49f6c2eb85627337f71bac7117853e1195abc742f62bc3889ea050d2d0b9002c6a1b0bee66d7ad05ba125b76504bc8e503aaf1ec048a1e06049e340211b332dcca8fe3d4a145611e0da37c7d7215a2eae377ec313fc3140c04e4795e482f", 0x7}, 0x1) openat$proc_self_status(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/status\x00', 0x12, 0x1, 0x0) openat$dev_kprint(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kprint\x00', 0xc, 0x1, 0x0) openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0) openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000540)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) openat$prof_kpdata(0xffffffffffffff9c, &(0x7f0000000580)='/prof/kpdata\x00', 0xd, 0x3, 0x0) openat$proc_self_segment(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/segment\x00', 0x13, 0x1, 0x0) openat$proc_self_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/ctl\x00', 0xf, 0x3, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000640)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000680)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0) openat$net_ether0_1_stats(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ether0/1/stats\x00', 0x14, 0x1, 0x0) self_notify(0x20, 0xe, &(0x7f0000000780)={0x1f, 0x7, 0x5, &(0x7f0000000700)="ebbb291372d9e7f87241e1937d6f5a04c3c5919c56246c933a84cae9def616bc93244a7c672fc8a3d45606419a6939e093239ebced1a0c033749d6c0f0299d8103041c7f7fcd3d0352c98ce379583a33461b7c307d", 0x800}, 0x0) openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f00000007c0)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) openat$net_ether0_1_stats(0xffffffffffffff9c, &(0x7f0000000800)='/net/ether0/1/stats\x00', 0x14, 0x1, 0x0) 02:03:14 executing program 2: vmm_ctl$VMM_CTL_GET_EXITS(0x1) openat$net_tcp_1_listen(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/1/listen\x00', 0x12, 0x3, 0x0) r0 = openat$dev_random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/random\x00', 0xc, 0x1, 0x0) fcntl$F_SYNC(r0, 0x65) r1 = openat$proc_self_text(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/text\x00', 0x10, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8, 0x40, 0x6) openat$proc_self_maps(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/maps\x00', 0x10, 0x1, 0x0) munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) openat(r1, &(0x7f0000000140)='./file1\x00', 0x8, 0x0, 0x10) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0xd, 0x1, 0x0) openat$dev_osversion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/osversion\x00', 0xf, 0x1, 0x0) openat$net_ether0_stats(0xffffffffffffff9c, &(0x7f0000000200)='/net/ether0/stats\x00', 0x12, 0x1, 0x0) openat$net_ether0_clone(0xffffffffffffff9c, &(0x7f0000000240)='/net/ether0/clone\x00', 0x12, 0x3, 0x0) openat$dev_klog(0xffffffffffffff9c, &(0x7f0000000280)='/dev/klog\x00', 0xa, 0x1, 0x0) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f00000002c0)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000300)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000340)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0) proc_destroy(0x0, 0x7fffffff) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f0000000380)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000004) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f00000003c0)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) vmm_ctl$VMM_CTL_SET_EXITS(0x2, 0x1) openat$proc_self_status(0xffffffffffffff9c, &(0x7f0000000400)='/proc/self/status\x00', 0x12, 0x1, 0x0) rmdir(&(0x7f0000000440)='./file0\x00', 0x8) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000) openat$prof_kptrace(0xffffffffffffff9c, &(0x7f0000000480)='/prof/kptrace\x00', 0xe, 0x3, 0x0) openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000500)='/dev/urandom\x00', 0xd, 0x1, 0x0) openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0) openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kmesg\x00', 0xb, 0x1, 0x0) 02:03:14 executing program 1: r0 = proc_create(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)='\x00', 0x1, 0x0) waitpid(r0, &(0x7f0000000080), 0x0) proc_create(&(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000100)='\x00', 0x1, 0x0) r1 = openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f0000000140)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) r2 = proc_create(&(0x7f0000000180)='./file0\x00', 0x8, &(0x7f00000001c0)='[#\x00', 0x3, 0x1) chdir(0x0, &(0x7f0000000200)='./file0\x00', 0x8) chdir(r0, &(0x7f0000000240)='./file0\x00', 0x8) r3 = openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f0000000280)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0) r4 = openat$prof_kprintx(0xffffffffffffff9c, &(0x7f00000002c0)='/prof/kprintx\x00', 0xe, 0x3, 0x0) nmount(r4, &(0x7f0000000300)='./file0\x00', 0x8, 0x10) fcntl$F_GETFL(r4, 0x3) proc_create(&(0x7f0000000340)='./file0\x00', 0x8, &(0x7f0000000380)='/net/ether0/0/data\x00', 0x13, 0x0) openat$dev_kprint(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kprint\x00', 0xc, 0x1, 0x0) chdir(r2, &(0x7f0000000400)='./file0\x00', 0x8) openat$net_ether0_1_type(0xffffffffffffff9c, &(0x7f0000000440)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0) proc_create(&(0x7f0000000480)='./file0\x00', 0x8, &(0x7f00000004c0)="262aa1263a00", 0x6, 0x0) getcwd(&(0x7f0000000500)=""/56, 0x38) fcntl$F_DUPFD(r1, 0x0, r3, 0x1) r5 = openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000540)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) tap_fds(&(0x7f0000000700)=[{r5, 0x3, 0x120, 0x34e4, &(0x7f0000000600)={&(0x7f0000000580)="d5db8571188b8b53836c2a61110206010cfae1c159564680089600ae3ffc9f3ea2e041c3b074bd83bfeab461254ea1bf9d189a0fa7119101bdb7fefd2f43c1817fbb9d79bcbf9dcd37d03687767a9077", 0x1, 0x1, 0x2000000000000, 0x1, 0x2}}, {r1, 0x2, 0x620, 0x660, &(0x7f00000006c0)={&(0x7f0000000640)="86529861224805b9ae3b6c93898f32209ae551258958b7f8541414bee3511f304502c72cd7eee92a08cb8e9da38ea5ec9552e4df951919877b1ec8cd7b3418cd688d26b1c3cb691eff9993c53523b8ea", 0x1f, 0x1, 0xcef, 0x8, 0x620b}}], 0x2) openat$net_icmpv6_stats(0xffffffffffffff9c, &(0x7f0000000740)='/net/icmpv6/stats\x00', 0x12, 0x1, 0x0) proc_create(&(0x7f0000000780)='./file0\x00', 0x8, &(0x7f00000007c0)='\x00', 0x1, 0x1) openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f0000000800)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) openat$dev_sysname(0xffffffffffffff9c, &(0x7f0000000840)='/dev/sysname\x00', 0xd, 0x3, 0x0) openat$net_icmpv6_stats(0xffffffffffffff9c, &(0x7f0000000880)='/net/icmpv6/stats\x00', 0x12, 0x1, 0x0) openat$dev_stderr(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/stderr\x00', 0xc, 0x3, 0x0) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f0000000900)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f0000000940)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) openat$net_tcp_stats(0xffffffffffffff9c, &(0x7f0000000980)='/net/tcp/stats\x00', 0xf, 0x1, 0x0) openat$proc_self_user(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/self/user\x00', 0x10, 0x1, 0x0) 02:03:14 executing program 3: r0 = openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0xd, 0x1, 0x0) openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f0000000080)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$dev_empty(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/.empty\x00', 0xc, 0x3, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) openat$net_arp(0xffffffffffffff9c, &(0x7f00000001c0)='/net/arp\x00', 0x9, 0x3, 0x0) openat$net_iproute(0xffffffffffffff9c, &(0x7f0000000200)='/net/iproute\x00', 0xd, 0x3, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) lstat(&(0x7f0000000280)='./file0\x00', 0x8, &(0x7f00000002c0)) openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f0000000340)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) openat$net_ether0_2_ctl(0xffffffffffffff9c, &(0x7f0000000380)='/net/ether0/2/ctl\x00', 0x12, 0x3, 0x0) r1 = openat$net_tcp_2_remote(0xffffffffffffff9c, &(0x7f00000003c0)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0) fcntl$F_GETFL(r0, 0x3) r2 = openat$net_tcp_0_status(0xffffffffffffff9c, &(0x7f0000000400)='/net/tcp/0/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f0000000440)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000480)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) fcntl$F_DUPFD(r1, 0x0, r2, 0x1) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) openat$dev_hostdomain(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hostdomain\x00', 0x10, 0x3, 0x0) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000540)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f0000000580)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) umask(0x7f) openat$net_ether0_addr(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ether0/addr\x00', 0x11, 0x3, 0x0) openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) openat$net_udp_clone(0xffffffffffffff9c, &(0x7f0000000640)='/net/udp/clone\x00', 0xf, 0x3, 0x0) openat$proc_self_segment(0xffffffffffffff9c, &(0x7f0000000680)='/proc/self/segment\x00', 0x13, 0x1, 0x0) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f00000006c0)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_2_remote(0xffffffffffffff9c, &(0x7f0000000700)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0) 02:03:14 executing program 4: r0 = openat$dev_hostowner(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hostowner\x00', 0xf, 0x3, 0x0) r1 = openat$dev_kprint(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kprint\x00', 0xc, 0x1, 0x0) fcntl$F_SETFD(r1, 0x2, 0x1) r2 = openat$proc_self_vmstatus(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0) openat$net_udp_0_local(0xffffffffffffff9c, &(0x7f00000000c0)='/net/udp/0/local\x00', 0x11, 0x1, 0x0) openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000100)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0) openat$net_ether0_2_data(0xffffffffffffff9c, &(0x7f0000000140)='/net/ether0/2/data\x00', 0x13, 0x3, 0x0) openat$proc_self_mem(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0xf, 0x1, 0x0) fcntl$F_SYNC(r0, 0x65) openat$net_ether0_1_data(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ether0/1/data\x00', 0x13, 0x3, 0x0) openat$dev_empty(0xffffffffffffff9c, &(0x7f0000000200)='/dev/.empty\x00', 0xc, 0x3, 0x0) openat$dev_consctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/consctl\x00', 0xd, 0x3, 0x0) openat$dev_cons(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cons\x00', 0xa, 0x3, 0x0) r3 = proc_create(&(0x7f00000002c0)='./file0\x00', 0x8, &(0x7f0000000300)='-\x00', 0x2, 0x0) fchdir(r3, r2) openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000340)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0) openat$proc_self_mem(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/mem\x00', 0xf, 0x1, 0x0) openat$net_empty(0xffffffffffffff9c, &(0x7f00000003c0)='/net/.empty\x00', 0xc, 0x3, 0x0) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f0000000400)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f0000000440)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000480)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0) openat$net_ipselftab(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ipselftab\x00', 0xf, 0x1, 0x0) openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) openat$dev_sysstat(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sysstat\x00', 0xd, 0x3, 0x0) openat$net_ether0_clone(0xffffffffffffff9c, &(0x7f0000000580)='/net/ether0/clone\x00', 0x12, 0x3, 0x0) openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f00000005c0)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x2110, 0xffffffffffffff9c, 0x4) openat$net_ipifc_1_err(0xffffffffffffff9c, &(0x7f0000000600)='/net/ipifc/1/err\x00', 0x11, 0x3, 0x0) openat$net_ipifc_1_listen(0xffffffffffffff9c, &(0x7f0000000640)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000680)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) 02:03:14 executing program 5: openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000000)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$proc_self_status(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/status\x00', 0x12, 0x1, 0x0) r0 = openat$net_iprouter(0xffffffffffffff9c, &(0x7f0000000080)='/net/iprouter\x00', 0xe, 0x3, 0x0) close(r0) openat$net_iproute(0xffffffffffffff9c, &(0x7f00000000c0)='/net/iproute\x00', 0xd, 0x3, 0x0) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$net_ipifc_0_local(0xffffffffffffff9c, &(0x7f0000000180)='/net/ipifc/0/local\x00', 0x13, 0x1, 0x0) openat$net_log(0xffffffffffffff9c, &(0x7f00000001c0)='/net/log\x00', 0x9, 0x3, 0x0) openat$dev_killkid(0xffffffffffffff9c, &(0x7f0000000200)='/dev/killkid\x00', 0xd, 0x3, 0x0) openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f0000000240)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0) openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f0000000280)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f00000002c0)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cputime\x00', 0xd, 0x1, 0x0) openat$proc_self_wait(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/wait\x00', 0x10, 0x1, 0x0) openat$dev_hostowner(0xffffffffffffff9c, &(0x7f0000000380)='/dev/hostowner\x00', 0xf, 0x3, 0x0) r1 = proc_create(&(0x7f00000003c0)='./file0\x00', 0x8, &(0x7f0000000400)='-#]\x00', 0x4, 0x1) poke_ksched(r1, 0x0) openat$dev_config(0xffffffffffffff9c, &(0x7f0000000440)='/dev/config\x00', 0xc, 0x1, 0x0) openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f0000000480)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$net_log(0xffffffffffffff9c, &(0x7f00000004c0)='/net/log\x00', 0x9, 0x3, 0x0) r2 = openat$dev_killkid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/killkid\x00', 0xd, 0x3, 0x0) openat$net_tcp_0_status(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/0/status\x00', 0x12, 0x1, 0x0) openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000580)='/net/icmp/stats\x00', 0x10, 0x1, 0x0) openat$dev_empty(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/.empty\x00', 0xc, 0x3, 0x0) openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0) openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000640)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$net_tcp_2_status(0xffffffffffffff9c, &(0x7f0000000680)='/net/tcp/2/status\x00', 0x12, 0x1, 0x0) tcgetattr(r2, &(0x7f00000006c0)) openat$net_ether0_2_type(0xffffffffffffff9c, &(0x7f0000000700)='/net/ether0/2/type\x00', 0x13, 0x1, 0x0) 02:03:14 executing program 6: r0 = openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) r1 = openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) r2 = openat$net_tcp_0_listen(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0) openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000100)='/net/icmp/stats\x00', 0x10, 0x1, 0x0) openat$proc_self_status(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/status\x00', 0x12, 0x1, 0x0) fcntl$F_SETFD(r1, 0x2, 0x1) r3 = openat$net_tcp_0_status(0xffffffffffffff9c, &(0x7f0000000180)='/net/tcp/0/status\x00', 0x12, 0x1, 0x0) fcntl$F_DUPFD(r3, 0x0, r0, 0x1) openat$net_ipifc_0_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ipifc/0/ctl\x00', 0x11, 0x3, 0x0) openat$proc_self_text(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/text\x00', 0x10, 0x1, 0x0) r4 = openat$net_tcp_0_listen(0xffffffffffffff9c, &(0x7f0000000240)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0) r5 = proc_create(&(0x7f0000000280)='./file0\x00', 0x8, &(0x7f00000002c0)='/net/tcp/0/status\x00', 0x12, 0x1) dup_fds_to(r5, &(0x7f0000000300)=[{r4}], 0x1) openat$net_ipifc_0_data(0xffffffffffffff9c, &(0x7f0000000340)='/net/ipifc/0/data\x00', 0x12, 0x3, 0x0) llseek(r3, 0x40, 0x4, &(0x7f0000000380), 0x2) openat$dev_killkid(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/killkid\x00', 0xd, 0x3, 0x0) fcntl$F_DUPFD(r2, 0x0, r0, 0x1) openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f0000000400)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) openat$dev_hostowner(0xffffffffffffff9c, &(0x7f0000000440)='/dev/hostowner\x00', 0xf, 0x3, 0x0) openat$dev_killkid(0xffffffffffffff9c, &(0x7f0000000480)='/dev/killkid\x00', 0xd, 0x3, 0x0) change_vcore(0x5, 0x0) openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f00000004c0)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) openat$net_ipifc_0_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/net/ipifc/0/ctl\x00', 0x11, 0x3, 0x0) openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f0000000540)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) openat$net_ipifc_1_local(0xffffffffffffff9c, &(0x7f0000000580)='/net/ipifc/1/local\x00', 0x13, 0x1, 0x0) openat$dev_ppid(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/ppid\x00', 0xa, 0x1, 0x0) change_vcore(0x0, 0x1) openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f0000000600)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0) fstat(r0, &(0x7f0000000640)) 02:03:14 executing program 7: openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) openat$proc_self_note(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/note\x00', 0x10, 0x1, 0x0) r0 = openat$net_tcp_2_status(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/2/status\x00', 0x12, 0x1, 0x0) r1 = openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cputime\x00', 0xd, 0x1, 0x0) fd2path(r0, &(0x7f0000000180)=""/228, 0xe4) openat$net_ether0_2_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/net/ether0/2/ctl\x00', 0x12, 0x3, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000300)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) tcgetattr(r0, &(0x7f0000000340)) openat$dev_sysname(0xffffffffffffff9c, &(0x7f0000000380)='/dev/sysname\x00', 0xd, 0x3, 0x0) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f00000003c0)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000400)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) r2 = openat$dev_config(0xffffffffffffff9c, &(0x7f0000000440)='/dev/config\x00', 0xc, 0x1, 0x0) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f0000000480)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) openat$net_udp_0_remote(0xffffffffffffff9c, &(0x7f00000004c0)='/net/udp/0/remote\x00', 0x12, 0x1, 0x0) openat$dev_ppid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ppid\x00', 0xa, 0x1, 0x0) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) fstat(r1, &(0x7f0000000580)) openat$net_ether0_2_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/net/ether0/2/ctl\x00', 0x12, 0x3, 0x0) fstat(r2, &(0x7f0000000640)) openat$dev_time(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/time\x00', 0xa, 0x3, 0x0) openat$net_tcp_0_remote(0xffffffffffffff9c, &(0x7f0000000700)='/net/tcp/0/remote\x00', 0x12, 0x1, 0x0) abort_sysc_fd(r2) openat$proc_self_note(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self/note\x00', 0x10, 0x1, 0x0) openat$net_tcp_0_status(0xffffffffffffff9c, &(0x7f0000000780)='/net/tcp/0/status\x00', 0x12, 0x1, 0x0) openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f00000007c0)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) openat$net_tcp_1_data(0xffffffffffffff9c, &(0x7f0000000800)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0) openat$net_ipifc_0_err(0xffffffffffffff9c, &(0x7f0000000840)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0) bash-4.3$ Unhandled user trap in vcore context from VC 1 HW TRAP frame (partial) at 0xffffffffc86681a0 on core 3 rax 0x85ebc2f6491b0be6 rbx 0x0000100000006a50 rcx 0x0000300000013020 rdx 0x0000000000000000 rbp 0x000030000001aef0 rsi 0x000000000000000a rdi 0x0000000020000340 r8 0x0000000000000000 r9 0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000200 r12 0x000030000001af00 r13 0x000000000000000a r14 0x0000000000000000 r15 0x0000000000000000 trap 0x0000000d General Protection gsbs 0x0000000000000000 fsbs 0x0000000000000000 err 0x--------00000000 rip 0x0000000000414b1d cs 0x------------0023 flag 0x0000000000010282 rsp 0x000030000001aef0 ss 0x------------001b err 0x0 (for PFs: User 4, Wr 2, Rd 1), aux 0x0000000000000000 Addr 0x0000000000414b1d is in syz-executor at offset 0x0000000000014b1d VM Regions for proc 38 NR: Range: Prot, Flags, File, Off 00: (0x0000000000400000 - 0x00000000004b5000): 0x00000005, 0x00000001, 0xffff800004f0e220, 0x0000000000000000 01: (0x00000000004b5000 - 0x00000000004b6000): 0x00000005, 0x00000002, 0xffff800004f0e220, 0x00000000000b5000 02: (0x00000000006b5000 - 0x00000000006b8000): 0x00000003, 0x00000002, 0xffff800004f0e220, 0x00000000000b5000 03: (0x00000000006b8000 - 0x00000000008e5000): 0x00000003, 0x00000002, 0x0000000000000000, 0x0000000000000000 04: (0x0000000020000000 - 0x0000000021000000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 05: (0x0000100000000000 - 0x0000100000024000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 06: (0x0000300000000000 - 0x0000300000001000): 0x00000003, 0x00000002, 0xffff800004f0e220, 0x0000000000000000 07: (0x0000300000001000 - 0x0000300000005000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 08: (0x0000300000005000 - 0x0000300000007000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 09: (0x0000300000007000 - 0x0000300000019000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 10: (0x0000300000019000 - 0x000030000003d000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 11: (0x00007f7fff8ff000 - 0x00007f7fff9ff000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 Backtrace of user context on Core 3: Offsets only matter for shared libraries #01 Addr 0x0000000000414b1d is in syz-executor at offset 0x0000000000014b1d #02 Addr 0x000000000040c82d is in syz-executor at offset 0x000000000000c82d #03 Addr 0x000000000040c8a6 is in syz-executor at offset 0x000000000000c8a6 #04 Addr 0x000000000040c9e3 is in syz-executor at offset 0x000000000000c9e3 #05 Addr 0x0000000000408028 is in syz-executor at offset 0x0000000000008028 #06 Addr 0x0000000000403a89 is in syz-executor at offset 0x0000000000003a89 #07 Addr 0x00000000004143fc is in syz-executor at offset 0x00000000000143fc #08 Addr 0x0000000000414401 is in syz-executor at offset 0x0000000000014401 02:03:20 executing program 0: openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000140)='/net/icmp/stats\x00', 0x8, 0x1, 0x0) openat$dev_random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/random\x00', 0xc, 0x1, 0x0) pop_ctx(&(0x7f0000000040)="618b4e6c5965f62aff1c53503e89b8c313ba06a533c4c45c53434bfb9213b3f79d2753b6a25709af1d50257c35a9efa478617137bbbbb909f53317471a026385ee67f580de115eaf6b5e7a4e0a24362ccf9cf0e2d41e2dd1f56f7206c3241c815a8f8a0baa6fb7a3b6f3d29dc582d57df35832c3a1e6665206f4418ef287a11bf43a0a34dbe15f74c280cac5e075a513c943f48ae40353550997a055005e58456ffa3cfa05a8caac8aaee18729dbbe655826c1596a6a898d990d8330dd321bf4075b9dcdb97204c2a10de43e3726c41cfac6773bab7002d5") openat$dev_stdout(0xffffffffffffff9c, &(0x7f0000000180)='/dev/stdout\x00', 0xc, 0x3, 0x0) kernel panic at kern/src/rcu.c:325, from core 3: HW TRAP frame at 0xfffffff00001af40 on core 2 assertion failed: rpi->gp_acked + 1 == READ_ONCE(rsp->gpnum) rax 0x000000000000003d Stack Backtrace on Core 3: rbx 0xffffffffc8667ec0 #01 [<0xffffffffc200a3b7>] in backtrace rcx 0xffffffffc8667ec8 #02 [<0xffffffffc2009b7c>] in _panic rdx 0x0000002b660d134b #03 [<0xffffffffc20502f9>] in rcu_report_qs_rpi rbp 0xfffffff0000affd8 #04 [<0xffffffffc2050c4c>] in rcu_report_qs rsi 0x0000000000000003 #05 [<0xffffffffc204d12b>] in proc_restartcore rdi 0xffffffffc8667ec0 #06 [<0xffffffffc20aaf20>] in sysenter_callwrapper r8 0x0000000000000000 r9 0xffffffffc8667fb8 r10 0x0000000000000078 r11 0xffffffffc8667f78 r12 0xffff80000218aae0 r13 0x0000000000000002 r14 0x0000000000000000 r15 0x0000000000000002 Entering Nanwan's Dungeon on Core 3 (Ints off): trap 0x00000008 Double Fault Type 'help' for a list of commands. gsbs 0xffffffffc8667ec0 ROS(Core 3)> fsbs 0x0000000000000000 err 0x--------00000000 rip 0xffffffffc209f2c1 cs 0x------------0008 flag 0x0000000000010246 rsp 0xfffffff0000affd8 ss 0x------------0010 Backtrace of kernel context on Core 2: #01 [<0xffffffffc209f2c1>] in cpu_halt #02 [<0xffffffffc205442a>] in __smp_idle kernel panic at kern/arch/x86/trap.c:541, from core 2: Double fault! Check the kernel stack pointer; you likely ran off the end of the stack. Stack Backtrace on Core 2: #01 [<0xffffffffc200a3b7>] in backtrace #02 [<0xffffffffc2009b7c>] in _panic #03 [<0xffffffffc20aa253>] in handle_double_fault Entering Nanwan's Dungeon on Core 2 (Ints off): Type 'help' for a list of commands.