Jan 11 06:46:48 ci2-netbsd-kubsan-4 getty[564]: /dev/ttyE3: Device not configured
NetBSD/amd64 (ci2-netbsd-kubsan-4.c.syzkaller.internal) (console)
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2020/01/11 06:46:57 fuzzer started
2020/01/11 06:46:57 dialing manager at 10.128.0.105:37083
2020/01/11 06:46:57 syscalls: 215
2020/01/11 06:46:57 code coverage: enabled
2020/01/11 06:46:57 comparison tracing: enabled
2020/01/11 06:46:57 extra coverage: support is not implemented in syzkaller
2020/01/11 06:46:57 setuid sandbox: support is not implemented in syzkaller
2020/01/11 06:46:57 namespace sandbox: support is not implemented in syzkaller
2020/01/11 06:46:57 Android sandbox: support is not implemented in syzkaller
2020/01/11 06:46:57 fault injection: support is not implemented in syzkaller
2020/01/11 06:46:57 leak checking: support is not implemented in syzkaller
2020/01/11 06:46:57 net packet injection: support is not implemented in syzkaller
2020/01/11 06:46:57 net device setup: support is not implemented in syzkaller
2020/01/11 06:46:57 concurrency sanitizer: support is not implemented in syzkaller
2020/01/11 06:46:57 devlink PCI setup: support is not implemented in syzkaller

06:47:00 executing program 0:
r0 = semget$private(0x0, 0x5, 0x0)
semctl$GETNCNT(r0, 0x3, 0xe, 0x0)

06:47:01 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc)
setuid(r1)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000740)={{0x3, r1, 0x0, 0x0, 0x0, 0x21, 0xffff}, 0x0, 0x0, 0xa250, 0x400, 0x100000001, 0x1000, 0xffffffffb80207a8, 0x2, 0x1f, 0x7338})

06:47:01 executing program 2:
shmget(0x3, 0xe000, 0x0, &(0x7f0000001000/0xe000)=nil)

06:47:01 executing program 3:
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)

06:47:01 executing program 4:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x2}, 0x2000, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000340)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7})
msgctl$IPC_RMID(r0, 0x0)

06:47:01 executing program 5:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000000b0607031dfffd946fa2870020200a0009000100051d853f0c1baba20400ff7e", 0x29d}], 0x1}, 0x0)

06:47:02 executing program 3:
06:47:03 executing program 3:
06:47:03 executing program 0:
06:47:03 executing program 4:
06:47:03 executing program 2:
06:47:03 executing program 3:
06:47:03 executing program 0:
06:47:03 executing program 3:
06:47:03 executing program 1:
06:47:03 executing program 2:
06:47:03 executing program 4:
06:47:03 executing program 4:
06:47:03 executing program 5:
06:47:03 executing program 2:
06:47:03 executing program 3:
06:47:03 executing program 1:
06:47:03 executing program 0:
06:47:03 executing program 4:
06:47:03 executing program 3:
06:47:03 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0}, 0x1c)
sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0)

06:47:03 executing program 1:
r0 = socket(0x10, 0x802, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, 0x0}, &(0x7f0000000500)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, r1}})

06:47:03 executing program 0:
syz_emit_ethernet(0x4a, &(0x7f0000000040))

06:47:03 executing program 5:
r0 = semget$private(0x0, 0x20000000102, 0x0)
semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000100)=""/235)

06:47:03 executing program 4:
open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0)
open$dir(&(0x7f0000000040)='./file0\x00', 0x1000641, 0x8)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000040), 0x100000000000017c, 0x0)
geteuid()
r1 = __clone(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, 0x0, &(0x7f00000001c0)=0xfffffebd)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6)
getpgid(r1)
getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000080)={0x0}, 0xc)
r3 = __clone(0x0, 0x0)
ptrace(0x9, r3, 0x0, 0x400000020000000)
getpgid(r3)
setpgid(r2, r3)

06:47:03 executing program 3:
open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x40)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
fsync(r0)
readv(0xffffffffffffff9c, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/80, 0x50}], 0x1)

06:47:04 executing program 1:
open(&(0x7f0000000040)='./file0\x00', 0x2070e, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2020231, 0x0)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000380)="92", 0x1}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0, 0x0)
r2 = socket(0x18, 0x2, 0x0)
getsockname(r2, &(0x7f0000000100)=@in, &(0x7f0000000140)=0xc)
fcntl$setown(r2, 0x6, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x100)
r3 = socket$unix(0x1, 0x5, 0x0)
sendto$unix(r3, &(0x7f00000001c0)="530dfe9ed10f43b921b8f347e50ef5573239229be216da1114b879ac33fd57ede3fb2e99803220ec3ecac650848377773b289290ccb42741fefc19ce13f8bb212c449c4bedc69851b73e862abb5bbda0db301d481e8f62f64bd925b21a077ce0030e2f7dc461a9860027c6c08e96b80c9d0ea04df4e37a2e410d452f343a70cafa4cd14f7f5491f84b6083d03fd7d0f73104fe53fef192ca612c56b4a1a6bb352611ae152736b7f0f04e5ac1", 0xac, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="beb42000866799513000"], 0xa)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x6)

06:47:04 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000040), 0x100000000000017c, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x144)
geteuid()
__clone(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, 0x0, &(0x7f00000001c0))
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6)

06:47:04 executing program 2:
r0 = _lwp_self()
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x2000, 0xffffffffffffffff)
r1 = _lwp_self()
_lwp_suspend(r1)
_lwp_wakeup(0x0)
_lwp_continue(r1)
_lwp_getname(r1, &(0x7f0000000000)=""/3, 0x3)
ptrace(0x7f, 0x0, &(0x7f00000000c0), 0x10000)
r2 = _lwp_self()
_lwp_suspend(r2)
_lwp_wakeup(r2)
_lwp_continue(r2)
_lwp_setname(r2, &(0x7f0000000080)='\x00')
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
writev(r4, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
writev(r3, &(0x7f0000000000), 0x371)
_lwp_wakeup(r0)
_lwp_wakeup(r0)

06:47:04 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2040, 0x0)
lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100))

login: [ 42.9405493] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/syzkaller/managers/netbsd-kubsan/kernel/sys/arch/x86/x86/pmap.c", line 3533
[ 42.9505592] cpu1: Begin traceback...
[ 42.9605865] vpanic() at netbsd:vpanic+0x2aa
[ 43.0006717] kern_assert() at netbsd:kern_assert+0x63
[ 43.0407621] pmap_remove_pte() at netbsd:pmap_remove_pte+0x408
[ 43.0808488] pmap_remove() at netbsd:pmap_remove+0x239
[ 43.1209409] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be
[ 43.1610298] uvmspace_free() at netbsd:uvmspace_free+0x2e8
[ 43.2011180] uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6
[ 43.2412040] exit1() at netbsd:exit1+0x4cb
[ 43.2712688] sys_exit() at netbsd:sys_exit+0xba
[ 43.3113574] syscall() at netbsd:syscall+0x29a
[ 43.3314004] --- syscall (number 1) ---
[ 43.3314004] Skipping crash dump on recursive panic
[ 43.3414203] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:153:24, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment
[ 43.3614640] Faulted in mid-traceback; aborting...
[ 43.3614640] fatal breakpoint trap in supervisor mode
[ 43.3714861] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0 rsp 0xffffad80a5da2da0
[ 43.3815133] curlwp 0xffffa92f62e0f920 pid 533.1 lowest kstack 0xffffad80a5da02c0
Stopped in pid 533.1 (syz-executor.4) at netbsd:breakpoint+0x5: leave ?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xd1
vpanic() at netbsd:vpanic+0x2aa
isAlreadyReported() at netbsd:isAlreadyReported
HandleTypeMismatch.part.1() at netbsd:HandleTypeMismatch.part.1+0xcc
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x7b
db_nextframe() at netbsd:db_nextframe+0x6f6
db_stack_trace_print() at netbsd:db_stack_trace_print+0x2c4
db_panic() at netbsd:db_panic+0x8b
vpanic() at netbsd:vpanic+0x2aa
kern_assert() at netbsd:kern_assert+0x63
pmap_remove_pte() at netbsd:pmap_remove_pte+0x408
pmap_remove() at netbsd:pmap_remove+0x239
uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be
uvmspace_free() at netbsd:uvmspace_free+0x2e8
uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6
exit1() at netbsd:exit1+0x4cb
sys_exit() at netbsd:sys_exit+0xba
syscall() at netbsd:syscall+0x29a
--- syscall (number 1) ---
[ 43.3915347] Skipping crash dump on recursive panic
[ 43.3915347] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:154:14, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment
[ 43.3915347] Faulted in mid-traceback; aborting...
[ 43.3915347] fatal breakpoint trap in supervisor mode
[ 43.3915347] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0x8 rsp 0xffffad80a5da1aa0
[ 43.3915347] curlwp 0xffffa92f62e0f920 pid 533.1 lowest kstack 0xffffad80a5da02c0
Stopped in pid 533.1 (syz-executor.4) at netbsd:breakpoint+0x5: leave