Wed Jan 22 14:27:32 UTC 2020 NetBSD/amd64 (ci2-netbsd-kubsan-4.c.syzkaller.internal) (console) login: Jan 22 14:27:35 ci2-netbsd-kubsan-4 getty[567]: /dev/ttyE3: Device not configured Jan 22 14:27:35 ci2-netbsd-kubsan-4 getty[381]: /dev/ttyE1: Device not configured Jan 22 14:27:35 ci2-netbsd-kubsan-4 getty[556]: /dev/ttyE2: Device not configured Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. 2020/01/22 14:27:45 fuzzer started 2020/01/22 14:27:45 dialing manager at 10.128.0.105:43865 2020/01/22 14:27:45 syscalls: 215 2020/01/22 14:27:45 code coverage: enabled 2020/01/22 14:27:45 comparison tracing: enabled 2020/01/22 14:27:45 extra coverage: support is not implemented in syzkaller 2020/01/22 14:27:45 setuid sandbox: support is not implemented in syzkaller 2020/01/22 14:27:45 namespace sandbox: support is not implemented in syzkaller 2020/01/22 14:27:45 Android sandbox: support is not implemented in syzkaller 2020/01/22 14:27:45 fault injection: support is not implemented in syzkaller 2020/01/22 14:27:45 leak checking: support is not implemented in syzkaller 2020/01/22 14:27:45 net packet injection: support is not implemented in syzkaller 2020/01/22 14:27:45 net device setup: support is not implemented in syzkaller 2020/01/22 14:27:45 concurrency sanitizer: support is not implemented in syzkaller 2020/01/22 14:27:45 devlink PCI setup: support is not implemented in syzkaller 14:27:49 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000140)=[{r0, 0x16}], 0x1, 0x0) 14:27:49 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000000)) 14:27:49 executing program 2: r0 = socket(0x2, 0x2, 0x0) connect$unix(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="82022e2fac1400fd7d81afe46d5733e0f293aaeb82fb168297e2ff239696473d48e4c734a899f96f0b224ec765ed0e76d92c6b8a03b10820a58fe43b00fa0400000000000000d9ac55a52f7dc8062782814d8cefefdb1bd4f9c0e36d58ab4f79a65f69e73991844d490000000062d8edd55587267ba5050932ed612e5ffe04fd83800b0331dd48d6fdc2ef38b4d2c38f572cf51ad724de92f008c18dacf12aa76cd608f0d9c81b7ebb57e75bb2dc6657ddac47a47e1d36a82818af20ea997e3ea944df0430b67f055df2b473f9df01000000000000c1ecc440000447c89263b7abec3fef53c46f9362301576534c2d7eeac6f7059f729f7c40b3dffccd0e67beab3b00b0c1b705f6f4300048c4c0db6c55a02a05961e2dcddadb9edd8a568fff014d217824b0aa5560ea147f1bd941f986fc40017f2f064b23c5101e713db21be5638e4000c7f1e1692c35dbdc77d3f7ba942baa127a4dc3f3354fcd7b01e94dabddc8a713ecdb22c517b8939ff036a801b5669356a3f996255f4dd7183fa2b85204e29c8c37d69864a92144e3ea32e04d709d7d06702a7897312d6294fdaa47b48ae5ccf2f4f193a9ddc93e8223278f36593c68be103eb0954fa3c63e29778902f3a4917170bad3028227eb42d6aecefe22d182818e64a787e77f92e36d9dffd764da16e4ed50dbb80d70e9658b84bedef262616ffd7e021d2a8c99ab0109af4598e66ecb94dd638efba4f481f047c2d02aa78303d2d2f2c94b5d5b7f44f0154fbd921372b6db8e070e477571c082b83995325ba28d1f6cbbfa38eb2a450353e206ae63ea54877cd051f231e0a41cf7064742b87207bb59ac0db8eb7a26f41223ee94b5a3050000000000000032bd10467c0ca0088cc590f42c14b2d904c0fdf00b47d6d3660363706f795ce05e658bd615d7625c71a56b0f6ef1c7b3761b17d8bb2e075cdcb511cc6b84696b4d7d581eda748d83b2bf795f7523a11a41ea854a3e0d85be31fe74ccec5a6aff82f22e0c2256355b959e64dc536400c508506a4ef8b6d9cfc71cc1e7e22198f6ccf6efbad11bf3f54063"], 0x10) writev(r0, &(0x7f0000000200)=[{0x0}], 0x1) 14:27:49 executing program 3: syz_emit_ethernet(0x7a, &(0x7f0000000300)) 14:27:49 executing program 4: shmget(0x2, 0x4000, 0x630, &(0x7f0000ffc000/0x4000)=nil) 14:27:50 executing program 5: mmap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x0, 0x9010, 0xffffffffffffffff, 0x0, 0x0) socket(0x18, 0x3, 0x0) r0 = msgget$private(0x0, 0xfffffffffffffffd) r1 = open(&(0x7f0000000040)='./file0\x00', 0x615, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x2010, r1, 0x0, 0x0) msgsnd(r0, &(0x7f0000000e80)={0x3, "5aab059e7584be19de16d8a32e0c5d7858899bbc616aeade23aa38f255f2dedc7d9349f609673a9f745b6b5aae9e1e53d2b8d941319c6b5d3b16ea71c4229d0000d8e7497cf22f1cc439ea2b26fcb5355b5b24eab6423706ebfa25245e804c95574b9d3f3d263490ee4823aa6156b2bd8b376fabb6713c8c3fcbb5c96075498e63bb2e19117fec0866378de0a48ccf0a87d3c451df0c36b08f9d3d6039ebea381e7fca35ed7142c2f0d2e5f9ce77c1ecfd58c46c50c8e10a93dcd069cb4d4575ddd417bd2c5f2470a3deaf000000000000a4a3af74e7548a3f0a1ef3e3f4358b30a130a9a062e678e5a37e21591aaa06ab276ae2868755"}, 0xff, 0x40000000000800) 14:27:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket(0x18, 0x4003, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) dup2(r1, r0) setsockopt$sock_int(r0, 0xffff, 0x1001, &(0x7f0000000000)=0x43cbc, 0x4) r2 = dup(r0) sendto$inet6(r2, &(0x7f0000000040), 0x43000, 0x0, 0x0, 0x0) 14:27:51 executing program 0: 14:27:51 executing program 1: 14:27:51 executing program 1: 14:27:51 executing program 2: 14:27:51 executing program 4: 14:27:51 executing program 0: r0 = semget$private(0x0, 0x5, 0x0) semop(r0, &(0x7f0000000140)=[{0x3, 0x7fffffff, 0x1000}, {0x0, 0x800, 0x1000}, {}, {}, {}, {}, {}, {}, {}], 0x9) semctl$IPC_RMID(r0, 0x0, 0x0) 14:27:51 executing program 1: 14:27:51 executing program 1: 14:27:51 executing program 3: 14:27:51 executing program 2: 14:27:51 executing program 5: 14:27:51 executing program 4: 14:27:51 executing program 3: 14:27:51 executing program 2: 14:27:51 executing program 1: 14:27:51 executing program 0: [ 45.6684031] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 619 command syz-executor.5) [ 45.6884468] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 619 command syz-executor.5) 14:27:51 executing program 1: 14:27:51 executing program 2: 14:27:51 executing program 0: 14:27:51 executing program 1: 14:27:52 executing program 3: 14:27:52 executing program 2: 14:27:52 executing program 5: 14:27:52 executing program 4: 14:27:52 executing program 2: 14:27:52 executing program 1: 14:27:52 executing program 0: 14:27:52 executing program 3: 14:27:52 executing program 1: 14:27:52 executing program 4: 14:27:52 executing program 0: 14:27:52 executing program 4: 14:27:52 executing program 2: 14:27:52 executing program 5: 14:27:52 executing program 0: 14:27:52 executing program 1: 14:27:52 executing program 3: 14:27:52 executing program 4: 14:27:52 executing program 1: r0 = msgget(0x0, 0x0) msgsnd(r0, 0x0, 0x0, 0xc00) 14:27:52 executing program 2: r0 = socket$inet6(0x10, 0x108000000003, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="5500000019007faf37c0f2b2a4a280930a000010000243dc900523693900090010000000010000000800050003000000080000000004d54400009b84136ef75afb83de448daa7227c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) 14:27:52 executing program 0: setreuid(0x0, 0xee01) shmget(0x2, 0x2000, 0x40, &(0x7f0000ffe000/0x2000)=nil) 14:27:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket(0x2, 0xc003, 0x6) connect$unix(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2f66696cca6be9"], 0x10) dup2(r1, r0) socket(0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1001, &(0x7f0000000000)=0x43cbc, 0x4) r2 = dup(r0) sendto$inet6(r2, &(0x7f0000000040), 0xfcec, 0x0, 0x0, 0x0) 14:27:52 executing program 5: mlock(&(0x7f0000fef000/0x11000)=nil, 0x11000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) 14:27:52 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) chmod(&(0x7f0000000180)='./file0\x00', 0x23f) open(&(0x7f0000000080)='./file0/file1\x00', 0x1020222, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(0xffffffffffffffff, 0xc, 0xffffffffffffffff) getsockopt$sock_timeval(r0, 0xffff, 0x100b, &(0x7f0000000100), &(0x7f0000000200)=0x10) symlink(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00') pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) rename(&(0x7f00000002c0)='./file0/file1\x00', &(0x7f0000000300)='./file0/file0\x00') fcntl$dupfd(r1, 0xa, 0xffffffffffffffff) connect(r1, &(0x7f0000000240)=@in6={0x18, 0x3, 0x3, 0x5}, 0xc) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file1\x00') openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x400000, 0x26) 14:27:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = _lwp_self() _lwp_wakeup(r1) _lwp_create(&(0x7f0000000180)={0x400f0022, &(0x7f0000000100)={0x9, &(0x7f0000000080)={0xc, 0x0, {[0x5, 0xf555, 0x3, 0x4]}, {0xda1, 0x800000000000000, 0x5}, {0x6, 0x20, '\x00'}}, {[0x1, 0x3, 0x6, 0x9]}, {0x7, 0x900}, {0x2, 0x7a3, '@%\x00'}}, {[0x1f, 0x6, 0xfffffff7, 0x9]}, {0x7f, 0x20}, {0x2, 0x1, '\x00'}}, 0x20, &(0x7f0000000200)=0x0) _lwp_unpark(r2, &(0x7f0000000000)=0x3ff) getsockopt$inet_opts(r0, 0x6, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x80000, 0x2) 14:27:52 executing program 1: open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) socket(0x11, 0x3, 0x0) socket(0x1f, 0x1, 0x0) socket(0x1f, 0x1, 0x0) pipe(0x0) r1 = socket(0x1f, 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0xa, 0xffffffffffffffff) r4 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r4) r5 = getuid() setreuid(0xee00, r5) r6 = __clone(0x0, 0x0) ptrace(0x9, r6, 0x0, 0x400000020000000) r7 = getpgid(r6) r8 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r8, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r10 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r10, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r10, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r12 = getuid() setreuid(0x0, r12) r13 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r8, 0x1, &(0x7f00000002c0)={{0x0, r9, r11, r12, r13, 0xa0, 0x1f}, 0x2, 0x7fff, r7, r14, 0x1000, 0x8, 0x5}) r15 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r16, 0xa, 0xffffffffffffffff) getsockopt$sock_cred(r16, 0xffff, 0x11, &(0x7f0000000340), &(0x7f0000000540)=0xc) getpgid(r7) r17 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r17) r18 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r19 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r19) setpgid(r19, r18) r20 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r20) setpgid(r17, r20) r21 = geteuid() r22 = __clone(0x0, 0x0) ptrace(0x9, r22, 0x0, 0x400000020000000) r23 = getpgid(r22) r24 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r24, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r26 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r26, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r26, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r28 = getuid() setreuid(0x0, r28) r29 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r24, 0x1, &(0x7f00000002c0)={{0x0, r25, r27, r28, r29, 0xa0, 0x1f}, 0x2, 0x7fff, r23, r30, 0x1000, 0x8, 0x5}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r31, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r32, 0xa, 0xffffffffffffffff) r33 = socket$unix(0x1, 0x5, 0x0) r34 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r34) getsockopt$SO_PEERCRED(0xffffffffffffffff, 0xffff, 0x11, &(0x7f00000000c0)={0x0, 0x0}, 0xc) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r36, 0xa, 0xffffffffffffffff) getsockopt$sock_cred(r36, 0xffff, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) sendmsg$unix(r2, &(0x7f00000002c0)={&(0x7f0000000040)=@abs={0x0, 0x0, 0x0}, 0x8, &(0x7f0000000080), 0x0, &(0x7f00000001c0)=[@rights={0x18, 0xffff, 0x1, [r3]}, @cred={0x20, 0xffff, 0x2, r4, r5, r13}, @cred={0x20, 0xffff, 0x2, r15, r21, r29}, @rights={0x18, 0xffff, 0x1, [r31, r32]}, @rights={0x20, 0xffff, 0x1, [r1, r0, r33, r1]}, @cred={0x20, 0xffff, 0x2, r34, r35, r37}], 0xb0, 0x1}, 0x9) r38 = socket(0x2, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r39, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r40, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r41, 0xa, 0xffffffffffffffff) connect$unix(r38, &(0x7f0000000580)=ANY=[@ANYPTR64=&(0x7f0000000700)=ANY=[@ANYRES32=r39, @ANYRES64=r40, @ANYRES16=r41]], 0x1) select(0x40, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x438, 0x6}, 0x0, &(0x7f0000000280)={0x1cd9}, 0x0) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 14:27:52 executing program 0: r0 = socket(0x22, 0x3, 0x0) shutdown(r0, 0x2) r1 = __vfork14() ptrace(0x80000000, r1, &(0x7f0000000000), 0x8) getsockopt(r0, 0x3, 0xdd2e, &(0x7f0000000280)=""/20, &(0x7f00000002c0)=0x14) recvmsg(r0, &(0x7f0000001280)={&(0x7f0000000040)=@in6, 0xc, &(0x7f0000000240)=[{&(0x7f0000000080)=""/20, 0x14}, {&(0x7f00000000c0)=""/4, 0x4}, {&(0x7f0000000100)=""/213, 0xd5}, {&(0x7f0000000200)=""/1, 0x1}], 0x4, &(0x7f00000012c0)=""/4105, 0x1009}, 0x443) 14:27:52 executing program 5: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x1, 0x0) r1 = socket(0x18, 0x1, 0x0) socket(0x1f, 0x10000000, 0x2) setsockopt(r1, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) dup2(r0, r1) 14:27:52 executing program 4: madvise(&(0x7f0000180000/0x3000)=nil, 0x3000, 0x3) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)) r1 = fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) r2 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r2) r3 = __clone(0x3800, &(0x7f0000000140)="a5e0c982635a3e1e81bb25e2a6d63020546fae01b8cf746c2b33a381adf474e18741ab7ad981de55d5812e0427838d2beb444f3e4ca1c2e4764080d93df5422b7026ee32d36c0fa7301e77430e31a847ade163e3123a4d76f7b2fe58a290d6f4afc88499bdc605ba8560f3685c2acde32e56a14e5660867f1b73880da10b3d04f3a3e385ba82d9cde1c24e87ba516473627f993f232a42b0ad8c527bb6d9cfb91b220eddfee1c2d5b0bf6caf48775c584d178291df3751c39d23214d7cb199") posix_spawn(r2, &(0x7f0000000040)='\x00', &(0x7f0000000100)={0x3, 0x2, &(0x7f00000000c0)=@close={0x2, r1}}, &(0x7f0000000200)={0x20, r3, {0xf063}, 0x4, {[0x1ff, 0x7, 0x40, 0xf7]}, {[0x3, 0xa77, 0x800, 0x3]}}, &(0x7f0000000240)=['\x00', ')\x00', '\x00', '\x00', '&\x00'], &(0x7f0000000280)=[']\x00', ':\x00', '\x00', '][\x00', '\x00']) faccessat(r0, &(0x7f0000000000)='./file0\x00', 0x80, 0x300) 14:27:52 executing program 1: setreuid(0xee00, 0x0) r0 = getuid() pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0xa, 0xffffffffffffffff) recvfrom$inet6(r1, &(0x7f00000000c0)=""/142, 0x8e, 0x800, &(0x7f0000000040)={0x18, 0x0, 0xfffffffe, 0x18c}, 0xc) setreuid(0xee00, r0) r2 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) fcntl$lock(r2, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000000}) 14:27:52 executing program 2: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000140)='./file0\x00', 0x0) mkdirat(r1, &(0x7f0000000000)='./file0/file0\x00', 0x0) mkdirat(r0, &(0x7f00000002c0)='./file0/file0/fi\x00', 0x0) 14:27:52 executing program 4: __clone(0x600, 0x0) r0 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r0) getpgid(r0) 14:27:52 executing program 3: setrlimit(0x0, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) socket(0x11, 0x3, 0x0) socket(0x1f, 0x1, 0x0) socket(0x1f, 0x1, 0x0) pipe(0x0) socket(0x0, 0x3f4352aa70d1af03, 0x1) r2 = socket(0x2, 0x3, 0x0) flock(0xffffffffffffffff, 0xc) connect$unix(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="82022e2f66696c6530001835a41d8c30df8d8373fb648b6d89851d31a4c96d9114902dad2652642ad710c03be48e61665b0900000066860828df8421d3430031cb19209eadbe536eb67c8a26ead8ad3a69ac5a42011edafc4cf5dca73c577829bab111bb7c857b9b8fe0f2031559074c16ef9e06f52c1bce5ed8772a4e4bbabb76f279653733033b45bd632937a526e65300b700000000f100000d1b95a967c90fac571191169d196bbdb0c715c0fe2abbca36c4d179a3eb19996408215cb31bf68ac6fdb12503f30810567414ba464ba35d039ee4262c71805d12cb2819bd8723e26f4b6bd9671fa22f8fb099e3a00cfbc83284c769bde1c8a2dd6828b7fef63ba4f7d952e3daaf6b60c28ea5cfda139fb2218d607fea1020396caf61220eb6be16dad9605b29e0fbdc931565aee019e9b4d0a470000000000000000000d36343000000000000"], 0x10) socket(0x1f, 0x1, 0x0) socket(0x1f, 0x1, 0x0) socket(0x1f, 0x1, 0x0) socket(0x1f, 0x1, 0x0) select(0x40, &(0x7f0000000180), 0x0, &(0x7f0000000280)={0x1cd9}, 0x0) fcntl$dupfd(r1, 0xa, 0xffffffffffffffff) geteuid() mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0xa10, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$SO_PEERCRED(r3, 0xffff, 0x11, &(0x7f0000001140), 0xfffffffffffffdf4) getsockopt(r3, 0x3, 0x2, &(0x7f00000001c0)=""/151, &(0x7f00000002c0)=0x97) r4 = semget$private(0x0, 0x7, 0x0) semctl$SETVAL(r4, 0x0, 0x8, &(0x7f0000000000)=0x1) 14:27:53 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10, r0, 0x0, 0x0) posix_spawn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0xa, 0xffffffffffffffff) bind$unix(r1, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0xa) r2 = posix_spawn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(0x0, r2) r3 = getpgid(r2) wait4(r3, 0x0, 0x8, &(0x7f0000000200)) 14:27:53 executing program 5: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r1, 0xa, 0xffffffffffffffff) write(r1, &(0x7f0000000040)="b5d8d4e86dceb78be2b025ecbe9a9099c75901400eb3840cca8d08c7649afa2934464bd5e0740b15c93dad531d002648f0d98df6d89b92d2fb7b01a4f7971e902cabf1f66de0e544c3c9c8da74a9ae41ea7c1019decd38b3199d5718bdedb77741a59d9facde8b44d0820eeded2cd01a6cd1d8d0f624dd1d1439d952880e32f72e8652978857424e954f948204a990e0b067ed986c3bbb310ad67c5fadf01903045162ac", 0xa4) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) pipe(0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0xa10, r0, 0x0, 0x0) __clone(0x0, 0x0) [ 47.1207120] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 233 command syz-executor.3) [ 47.2108558] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 601 command syz-executor.2) [ 47.2308870] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 601 command syz-executor.2) 14:27:53 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) r1 = openat(r0, &(0x7f0000000000)='./file0\x00', 0x20, 0x158) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r2, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r3, 0xa, 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r4, 0xa, 0xffffffffffffffff) fcntl$dupfd(r3, 0x0, r4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r5, 0xa, 0xffffffffffffffff) linkat(r2, &(0x7f00000000c0)='./file0\x00', r5, &(0x7f0000000100)='./file0\x00', 0x400) fchmodat(r1, &(0x7f0000000040)='./file0\x00', 0x40, 0x600) socket$inet(0x2, 0x1, 0xff) mlockall(0x0) r6 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r6, 0x0, 0x1, &(0x7f0000001280)='\x00\x00\x00\x00', 0x4) 14:27:53 executing program 5: open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000040), 0x100000000000017c, 0x0) r1 = geteuid() __clone(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, 0x0, &(0x7f00000001c0)) r2 = semget$private(0x0, 0x7, 0x8) semop(r2, &(0x7f0000000240)=[{0x1, 0x6}, {0x0, 0x40}, {0x0, 0x3, 0x800}, {0x0, 0xf6}, {0x0, 0x68}, {0x0, 0xfffffffffffffffc}, {0x4}], 0x7) _lwp_exit() semctl$GETALL(r2, 0x0, 0x6, &(0x7f0000000100)) r3 = getegid() r4 = getgid() semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000040)={{0x8, r1, r3, r1, r4, 0x1}, 0xb9, 0x400, 0x34e7}) madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6) r5 = __clone(0x0, 0x0) ptrace(0x9, r5, 0x0, 0x400000020000000) r6 = getpgid(r5) r7 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r7, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r9 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r9, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r9, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r11 = getuid() setreuid(0x0, r11) r12 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r7, 0x1, &(0x7f00000002c0)={{0x0, r8, r10, r11, r12, 0xa0, 0x1f}, 0x2, 0x7fff, r6, r13, 0x1000, 0x8, 0x5}) semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000140)={{0xfffffe00, 0x0, r4, r1, r12, 0xd0, 0x3}, 0x10000, 0xe73f, 0x3}) [ 47.2509177] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 233 command syz-executor.3) 14:27:53 executing program 3: mlockall(0x0) mprotect(&(0x7f0000296000/0x1000)=nil, 0x1000, 0x0) mprotect(&(0x7f0000296000/0x3000)=nil, 0x3000, 0x3) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) fchmod(r0, 0xc) [ 48.3226212] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/syzkaller/managers/netbsd-kubsan/kernel/sys/arch/x86/x86/pmap.c", line 3533 [ 48.3428272] cpu0: Begin traceback... [ 48.3526617] vpanic() at netbsd:vpanic+0x2aa [ 48.3927224] kern_assert() at netbsd:kern_assert+0x63 [ 48.4428015] pmap_remove_pte() at netbsd:pmap_remove_pte+0x408 [ 48.4828707] pmap_remove() at netbsd:pmap_remove+0x239 [ 48.5229295] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be [ 48.5629903] uvmspace_free() at netbsd:uvmspace_free+0x2e8 [ 48.5930421] uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6 [ 48.6331047] exit1() at netbsd:exit1+0x4cb [ 48.6731668] sys_exit() at netbsd:sys_exit+0xba [ 48.7132373] syscall() at netbsd:syscall+0x29a [ 48.7332826] --- syscall (number 1) --- [ 48.7332826] Skipping crash dump on recursive panic [ 48.7332826] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:153:24, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment [ 48.7640992] Faulted in mid-traceback; aborting... [ 48.7640992] fatal breakpoint trap in supervisor mode [ 48.7740059] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0 rsp 0xffff9780ae7dada0 [ 48.7846851] curlwp 0xffffe52d292814e0 pid 633.1 lowest kstack 0xffff9780ae7d82c0 Stopped in pid 633.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xd1 vpanic() at netbsd:vpanic+0x2aa isAlreadyReported() at netbsd:isAlreadyReported HandleTypeMismatch.part.1() at netbsd:HandleTypeMismatch.part.1+0xcc HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x7b db_nextframe() at netbsd:db_nextframe+0x6f6 db_stack_trace_print() at netbsd:db_stack_trace_print+0x2c4 db_panic() at netbsd:db_panic+0x8b vpanic() at netbsd:vpanic+0x2aa kern_assert() at netbsd:kern_assert+0x63 pmap_remove_pte() at netbsd:pmap_remove_pte+0x408 pmap_remove() at netbsd:pmap_remove+0x239 uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be uvmspace_free() at netbsd:uvmspace_free+0x2e8 uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6 exit1() at netbsd:exit1+0x4cb sys_exit() at netbsd:sys_exit+0xba syscall() at netbsd:syscall+0x29a --- syscall (number 1) --- [ 48.7846851] Skipping crash dump on recursive panic [ 48.7846851] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:154:14, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment [ 48.7846851] Faulted in mid-traceback; aborting... [ 48.7846851] fatal breakpoint trap in supervisor mode [ 48.7846851] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0x8 rsp 0xffff9780ae7d9aa0 [ 48.7846851] curlwp 0xffffe52d292814e0 pid 633.1 lowest kstack 0xffff9780ae7d82c0 Stopped in pid 633.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave