Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
2020/01/24 10:23:59 fuzzer started
2020/01/24 10:23:59 dialing manager at 10.128.0.105:39807
2020/01/24 10:24:00 syscalls: 215
2020/01/24 10:24:00 code coverage: enabled
2020/01/24 10:24:00 comparison tracing: enabled
2020/01/24 10:24:00 extra coverage: support is not implemented in syzkaller
2020/01/24 10:24:00 setuid sandbox: support is not implemented in syzkaller
2020/01/24 10:24:00 namespace sandbox: support is not implemented in syzkaller
2020/01/24 10:24:00 Android sandbox: support is not implemented in syzkaller
2020/01/24 10:24:00 fault injection: support is not implemented in syzkaller
2020/01/24 10:24:00 leak checking: support is not implemented in syzkaller
2020/01/24 10:24:00 net packet injection: support is not implemented in syzkaller
2020/01/24 10:24:00 net device setup: support is not implemented in syzkaller
2020/01/24 10:24:00 concurrency sanitizer: support is not implemented in syzkaller
2020/01/24 10:24:00 devlink PCI setup: support is not implemented in syzkaller
10:24:03 executing program 0:
r0 = socket$inet6(0x18, 0x0, 0x2)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0}, 0x55)

10:24:03 executing program 1:
syz_emit_ethernet(0x616, &(0x7f0000000740))

10:24:04 executing program 2:
r0 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0)
ftruncate(r0, 0x400000000108)
r1 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0)
ftruncate(r1, 0x400000000106)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x80012, r1, 0x0, 0x0)
dup2(r0, r1)
open(&(0x7f0000000480)='./file0\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)

10:24:04 executing program 3:
syz_emit_ethernet(0x86, &(0x7f00000003c0))

10:24:04 executing program 4:
r0 = socket(0x11, 0x803, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000)=0xffffffff, 0x4)

10:24:04 executing program 5:
r0 = socket(0x2, 0xc003, 0x2f)
connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8202adfdffffffffffffff653000463f7b238bfa6854d78a2a197a386207000000008295955984c87910bf453f68c11700287ead4bcb777fa69dfceac2a84e6abca64896bc5e57c6388bbd2ad88b2951b15801360bcd4c0a162b58fd426a6ddea3a7bd9bed8637b8fa4de7339f94deba60b6ebc9012ae447473c238495aaee48c02f6ac41e6bf3bf554799b9b813ad30505e8f5300a49fef9d612f871f4385f041a816b583cea4a33957795ea4a5c5fe659fa202361cd8cac7dbbc5b65c6593d2870b4122cfdce5fd53c6302d937b961ae0b2139131dc7b151884324f30e52ab3f26d3066362bdeb2da2b22f0603fc1a315b97a709a71e7311349beeb2f506a218df559ca16d76bffb9b9653d97df05c076dfdec6bd8d052eeb00e6332853cb6bfef7981afda8370eff4fe1e9a03d8ee1d4620af19fa04a03640283aec72c5a5078a412e60d118e30c27ed7e099f2e836f38fb70637252d9ae13a70c40ffe52e490e37df40847910b7b015e9765c6e6f87f6090281d917cb7995877cbc"], 0x10)
sendmsg(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)

10:24:06 executing program 3:

10:24:06 executing program 3:

10:24:06 executing program 5:

10:24:06 executing program 1:

10:24:06 executing program 5:

10:24:06 executing program 3:

10:24:06 executing program 0:

10:24:06 executing program 1:

10:24:06 executing program 5:

10:24:06 executing program 2:
r0 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0}, 0x10)
recvmsg(r0, &(0x7f0000002d80)={0x0, 0x0, 0x0}, 0x0)

10:24:06 executing program 1:

10:24:06 executing program 3:

10:24:06 executing program 0:

10:24:06 executing program 4:
syz_emit_ethernet(0x256, &(0x7f0000000000))

10:24:06 executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0}, 0x1c)
sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff3b, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d05}], 0x1}, 0x350c)

10:24:06 executing program 1:
r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(r0, &(0x7f00000001c0)='./file1\x00', 0x0)
renameat(r0, &(0x7f0000000200)='./file1\x00', r0, &(0x7f0000000140)='./file0/file0\x00')
renameat(r0, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000100)='./file1\x00')
renameat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00')

10:24:06 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0}, 0x1c)

10:24:06 executing program 0:
__clone(0x42ff, &(0x7f0000000000)="532264ff2e2db35836607472fc013f5f7e1903aa7660854ede2ae92dbbd26d887956eebe6ea5cdc347e0c3b191a31647e896a3")
msgget$private(0x0, 0x408)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x19, &(0x7f0000000040), 0x4)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000000240)=""/124, 0x7c}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/153, 0x99}], 0x3)
sync()
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000180)=0xc)
getsockopt$sock_linger(r1, 0xffff, 0x80, &(0x7f00000000c0), &(0x7f0000000100)=0x8)
symlink(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='./file0\x00')
r2 = msgget$private(0x0, 0x0)
msgsnd(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="02"], 0x1, 0x0)
msgsnd(r2, &(0x7f0000000040)={0x3}, 0x8, 0x0)
msgsnd(r2, &(0x7f0000000380)={0x12e63e6832e27ca7, "10f30c8324a0df6fa5bd8d1ef6e52f47b6bc1c5c535504dfc357db338993bf5e7fb6ee07f2f16311e49d2c1912e472afe70bc961c9152fd4e1db81579613190f6d05389ac27f4d0315e154344d8161bb48af19596b6539cd4f45e1bcbedb3dc09dcb5241d96df3b1c7aa82b7d624d2ac2689c392d70e12da77592a2dc2019e57c6c94c65f5"}, 0x8d, 0x800)

10:24:07 executing program 4:
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
read(r0, &(0x7f0000000480)=""/214, 0xd6)
close(r0)

10:24:07 executing program 5:
r0 = shmget(0x3, 0x4000, 0x252, &(0x7f0000ffc000/0x4000)=nil)
shmat(r0, &(0x7f0000ff2000/0xe000)=nil, 0x1000)
symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='./file0\x00')
readlink(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')

10:24:07 executing program 3:
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0)

10:24:07 executing program 2:
mknod(&(0x7f0000000080)='./file0\x00', 0x3012, 0xfffffff8)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000200)='/', 0x0, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0xfffffff8)
dup2(r1, r0)
fcntl$lock(r0, 0xf, 0x0)

10:24:07 executing program 4:
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r0 = _lwp_self()
munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
_lwp_wakeup(r0)
getegid()
r1 = _lwp_self()
_lwp_setname(r1, &(0x7f0000000040))
_lwp_setname(r0, &(0x7f0000000000)='\x00')
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

10:24:07 executing program 1:
r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(r0, &(0x7f00000001c0)='./file1\x00', 0x0)
renameat(r0, &(0x7f0000000200)='./file1\x00', r0, &(0x7f0000000140)='./file0/file0\x00')
renameat(r0, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000100)='./file1\x00')
renameat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00')

10:24:07 executing program 5:
open$dir(&(0x7f0000000100)='./file0\x00', 0x200, 0x0)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='.\x00')
rmdir(&(0x7f0000000080)='./file0\x00')

10:24:07 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="542a9d253a1367a7892620845bd8bceae371fd4ab9030daab5f4b8869d8bd82edd998d827e7f079b3342c08fbc76cbfa3867f175e456e4ee3ec05af8690484a4ecdcd45631b6d56af817bea9a32f27ebe754143f3cf2f6f29a7c6c40d3238014d1a3da0a70a52de1b851e88b32ea554ac88027fa0c2ef28faa2d1f4867c7ad81aee1629048e73e82d26478f47c1ac5a45673e322bff1463e1ca088afaf82483be62aac006b3b6a4217e0b76a047b7fc94e7cf3ea6a79c73bcfdf8714c6083ab5d395e826a555946efaf18344dbd57b4a45"]}, 0x0)
sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0)

10:24:07 executing program 4:
msgctl$IPC_STAT(0x0, 0x2, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
setgroups(0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0xc, 0xffffffffffffff9c)
sync()
symlink(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='./file0\x00')
mlockall(0x0)

10:24:07 executing program 3:
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0)

10:24:07 executing program 2:
mknod(&(0x7f0000000080)='./file0\x00', 0x3012, 0xfffffff8)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000200)='/', 0x0, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0xfffffff8)
dup2(r1, r0)
fcntl$lock(r0, 0xf, 0x0)

10:24:08 executing program 5:
open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0)
_lwp_getprivate()
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013)
open(&(0x7f0000000040)='./file0\x00', 0x10, 0xdc)
r1 = socket(0x2, 0x2, 0x0)
socket(0x18, 0x5, 0x9)
setsockopt$inet_opts(r1, 0x0, 0x19, &(0x7f0000000040), 0x4)
getsockopt$SO_PEERCRED(r1, 0xffff, 0x11, &(0x7f00000000c0)={<r2=>0x0}, 0xc)
r3 = socket(0x1d, 0x3, 0x0)
r4 = msgget$private(0x0, 0xfffffffffffffffd)
__vfork14()
msgsnd(r4, &(0x7f00000001c0)=ANY=[@ANYRESHEX=0x0], 0x1, 0x0)
r5 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r5, 0x0, 0x19, &(0x7f0000000040), 0x4)
msgrcv(r4, &(0x7f0000000100)=ANY=[@ANYRES32=r3, @ANYRESDEC=r5, @ANYRES16=r2, @ANYRESOCT, @ANYRESHEX], 0x5, 0x0, 0x800)

10:24:08 executing program 3:
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0)

10:24:08 executing program 1:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000040000118302, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80000, 0x52)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000130000/0x200000)=nil, 0x200000, 0x6, 0x10, r1, 0x0, 0x0)
write(r0, &(0x7f0000000780)='\b', 0x1)
open(&(0x7f0000000040)='./file0\x00', 0x2070e, 0x0)
_lwp_create(&(0x7f00000001c0)={0x6, &(0x7f0000000140)={0x400f002d, &(0x7f00000000c0)={0x8, 0x0, {[0x3ff, 0xfffffffc, 0x9, 0xff]}, {0xb91, 0x0, 0x1}, {0x9, 0x8, '[)!!]\x00'}}, {[0x4, 0x7, 0x7, 0x6]}, {0x2, 0x4, 0x5}, {0x6, 0xa31, '(\'\'&)\x00'}}, {[0x6, 0x79bfc563, 0xff, 0x2]}, {0x1, 0x8, 0x5}, {0xb0, 0x3, ':.@//).$\xcb\x00'}}, 0x80, &(0x7f0000000240))

10:24:08 executing program 2:
r0 = __clone(0x0, 0x0)
r1 = msgget$private(0x0, 0x49c)
msgrcv(r1, &(0x7f0000000000)={0x0, ""/190}, 0xc6, 0x0, 0x0)
ptrace(0x9, r0, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)
ptrace(0xb, r0, 0x0, 0x10000000)

10:24:08 executing program 0:
__clone(0x0, &(0x7f0000001f00)="eac68242c44a9cadb81ba372c9838633b76e967e135fe393feed261318704ad8")
r0 = getpgid(0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r0})
wait4(r0, &(0x7f0000001440), 0x20, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getgid()
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r2, 0x0, 0xfffffffffffffd8f, 0x0, &(0x7f0000e68000)={0x2, 0x0}, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0xfffffffffffffd8f, 0x0, &(0x7f0000e68000)={0x2, 0x0}, 0x0)
getpgrp()
fcntl$dupfd(r2, 0xc, r3)
sendmsg$unix(r1, &(0x7f0000000240)={0x0, 0x3d4, &(0x7f0000000340), 0x37f, 0x0, 0xfffffffffffffd57}, 0x0)
r4 = msgget$private(0x0, 0x0)
open(&(0x7f0000001080)='./file0\x00', 0x0, 0x181)
r5 = socket(0x1, 0x20000000, 0x41)
r6 = msgget$private(0x0, 0x104)
msgrcv(r6, &(0x7f0000001140)={0x0, ""/174}, 0xb6, 0x3, 0x1000)
msgrcv(r4, &(0x7f0000001fc0)=ANY=[@ANYBLOB="00000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0a6a41bbd868b19ea39f9643a34e40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b04a776a5aacea00"/4119], 0x1008, 0x3, 0x0)
setsockopt$sock_linger(r5, 0xffff, 0x80, &(0x7f0000001240)={0x7, 0x6}, 0x8)
r7 = msgget$private(0x0, 0x0)
r8 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r8, 0x0, 0x19, &(0x7f0000000040), 0x4)
sendto$inet6(r8, &(0x7f0000001380)="83ab4d1d8ab796b6ba72637d29171ea6570f097235cf48ea38a1faa367f8f7e172d49f8c5f6e1db6326d2947153bbb74172a8dd40a07e211b987e4c72c01e2e833b4bf276592a05f3b6030c860ff5ad82ecb74d42d1e8356bdb2190fe62cb4617ab8418cead4b36047bb2e01ec0567a2c47e7525f7c08f9ba2c426114f751c67ee7e1c75f3626358d5ce73bd62aa4de83e92468904af64d5260e5e748e223df5d667db53109393fb47b7378686c80e4b3f3abf004bcefebe3c1babda6155a1", 0xbf, 0x8, 0x0, 0x0)
msgsnd(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="04"], 0x1, 0x0)
msgsnd(r7, &(0x7f0000001f80)={0x3}, 0x8, 0x0)
r9 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r9, 0x0, 0x19, &(0x7f0000000040), 0x4)
msgsnd(r7, &(0x7f00000012c0)=ANY=[@ANYBLOB="0100000000000000e386bda0079dfb98d22b6923c61a38faa10a4d9cdca3470f0cef24dbb70002ec2fc141959100"/60, @ANYBLOB="26393b7d0648bd38af58682f2516c9d249ffa4d4d1d19a5403cd96c24d647c0448984fd7048828878034bdd75716861459cd569978db2755195aa332fb8c92162b23efb07cf44a36e8ae38839fbb538e72edb458752e7072bf87587be2fc75e951ce7a7da37c49ff691b16d2f1", @ANYRES16=0x0, @ANYRES16=r9], 0x4, 0x800)
msgrcv(r4, &(0x7f00000010c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bbdd7dc205ac2539c90b00da6cdd0"], 0x5c, 0x1, 0x800)
r10 = socket(0x2, 0x5, 0x0)
sendmsg$unix(r10, &(0x7f00000015c0)={&(0x7f0000001200)=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000001540), 0x0, 0x0, 0x0, 0x9}, 0x0)

10:24:08 executing program 4:
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
setsockopt$sock_linger(0xffffffffffffffff, 0xffff, 0x80, &(0x7f0000000180)={0xffffffff}, 0x0)
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x19, &(0x7f0000000040), 0x4)
r1 = fcntl$dupfd(r0, 0xc, 0xffffffffffffffff)
r2 = socket(0x18, 0x1, 0x0)
setsockopt(r2, 0x29, 0x80000000000000c, &(0x7f0000000180), 0x14)
pipe2(&(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4)
r4 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x19, &(0x7f0000000040), 0x4)
r5 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r5, 0x0, 0x19, &(0x7f0000000040), 0x4)
r6 = dup2(r5, 0xffffffffffffff9c)
r7 = socket$inet6(0x18, 0x10000000, 0xae)
r8 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r8, 0x0, 0x19, &(0x7f0000000040), 0x4)
r9 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r9, 0x0, 0x19, &(0x7f0000000040), 0x4)
r10 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r10, 0x0, 0x19, &(0x7f0000000040), 0x4)
r11 = vfork()
r12 = geteuid()
r13 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r13, 0x0, 0x19, &(0x7f0000000040), 0x4)
r14 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r14, 0x0, 0x19, &(0x7f0000000040), 0x4)
getppid()
geteuid()
r15 = __clone(0x0, 0x0)
ptrace(0x9, r15, 0x0, 0x400000020000000)
r16 = getpgid(r15)
r17 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil)
shmat(r17, &(0x7f0000001000/0x2000)=nil, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, <r18=>0x0}, &(0x7f00000001c0)=0xc)
r19 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r19, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4)
getsockopt$SO_PEERCRED(r19, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, <r20=>0x0}, 0xc)
r21 = getuid()
setreuid(0x0, r21)
r22 = getegid()
getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={<r23=>0x0}, &(0x7f0000000280)=0xc)
shmctl$IPC_SET(r17, 0x1, &(0x7f00000002c0)={{0x0, r18, r20, r21, r22, 0xa0, 0x1f}, 0x2, 0x7fff, r16, r23, 0x1000, 0x8, 0x5})
r24 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r24, 0x0, 0x19, &(0x7f0000000040), 0x4)
r25 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r25, 0x0, 0x19, &(0x7f0000000040), 0x4)
r26 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r26, 0x0, 0x19, &(0x7f0000000040), 0x4)
r27 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r27, 0x0, 0x19, &(0x7f0000000040), 0x4)
r28 = getpgid(0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r28})
r29 = posix_spawn(0x0, &(0x7f00000004c0)='\x00', &(0x7f0000000540)={0x9, 0x200, &(0x7f0000000500)=@dup={0x1, 0xffffffffffffff9c, {0x1}}}, &(0x7f0000000580)={0x2, r28, {0x40}, 0x80000000, {[0x9, 0x7fffffff, 0x100, 0x6]}, {[0x6, 0x2, 0x6d, 0x800]}}, &(0x7f00000005c0)=['\x00', '\x00'], &(0x7f0000000600)=['&/\\\x00', '(\x00', '\x00', '\x00'])
r30 = getuid()
setreuid(0xee00, r30)
getegid()
r31 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r31, 0x0, 0x19, &(0x7f0000000040), 0x4)
r32 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r32, 0x0, 0x19, &(0x7f0000000040), 0x4)
r33 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r33, 0x0, 0x19, &(0x7f0000000040), 0x4)
r34 = __clone(0x0, 0x0)
ptrace(0x9, r34, 0x0, 0x400000020000000)
r35 = getpgid(r34)
r36 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil)
shmat(r36, &(0x7f0000001000/0x2000)=nil, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, <r37=>0x0}, &(0x7f00000001c0)=0xc)
r38 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r38, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4)
getsockopt$SO_PEERCRED(r38, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, <r39=>0x0}, 0xc)
r40 = getuid()
setreuid(0x0, r40)
r41 = getegid()
getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={<r42=>0x0}, &(0x7f0000000280)=0xc)
shmctl$IPC_SET(r36, 0x1, &(0x7f00000002c0)={{0x0, r37, r39, r40, r41, 0xa0, 0x1f}, 0x2, 0x7fff, r35, r42, 0x1000, 0x8, 0x5})
sendmsg$unix(r0, &(0x7f0000000780)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x1}, 0x8, &(0x7f0000000440)=[{&(0x7f0000000040)="258b6d4196695b40a1a5e9a6767fd356264f15b3c5fde8cc0ca901f3b48f81b569dc51221c92f1cf1054dd8e94acb6617f969facd0ba3b8f40938fcb7762b2078d6c59de4d39bd719493e927de50e4696e9760a8e2c581bd8864b0f0bba5fbaf81c3e86429d7aaf7dc80f015cd12946293db0c75a7c1e272ae72dbf79993fc547eea073571af6494b262abc187457ef59b89a3a606d92a204104b6b70c4f89f791b170856a6b3dd21ec4b9628d848328b263c171cd02c13983b50fc0c541b928bf5e77118b046c9373738bc09eefb88198c863", 0xd3}, {&(0x7f00000001c0)="c2883a2f1bd8e2ff53e88b2ee10d77f3b856aafb692abb09d072fb96eb42166de38acccd8c183a4a770e7feaf6542d44fc6c09f9ccdadec5b64076cdca3524307992fabec3a70a2d551f85ee799e61c9f0a3b585d3fc59cc49c4efe4ecd09bd78df9fa90fec7b70bf625fca7d8496f956e099a90cba51abb3b46f49f851ff8ffb6bc18582ef1cb1256233895bbc76ff9ca38ec7a", 0x94}, {&(0x7f0000000280)="47f3d774972e3427b14b953db8cebf1a6e9bd2a57506a41ce6e1dba38cee635d85002e52027825a8a48dd902227dbddaf5b2c036c3bf8be39d0abe31b4fcb4790d5998b989ca76fbe76dde5f5a41610733ee3a29d0e6e84c73ab0794cd7323702fd1f20bbfb693fc7a31a8b1f158ec5413c6f5f40b9ad02134eb72de598ef8da7b679344095a5bd7a298f2066b936531d9b97d8b507b1a70ce9442eea6713f7505d03f63545d539826f7a711dacb154664a2ba67e55f377fd0ba22977b86a1e8a1afdc070ae3fa3801eac199373b53065aecd108f65280ea7e356dea54a6feb799cf6f820bd4de2307ef4b0b97e4803a0d8f61d262", 0xf5}, {&(0x7f0000000380)="533f576102ffa5719e687d724e4880c557c5d6e2ed6d03d676fd5db4c5b94bc619815bea1a46636cd1cf1b684422d65f5776226f325766c60f8d8e9babe0c55f6515226deb4a5c0dbe5e2158966ba250655a9322e2a4b75a75bddb5ca1eef44da6de4a5e4f700f749b95811535458da92fe6597a70c50db76d834fdd13f52743600ee40b5db3e031", 0x88}], 0x4, &(0x7f0000000640)=[@rights={0x18, 0xffff, 0x1, [r0]}, @rights={0x38, 0xffff, 0x1, [r3, 0xffffffffffffff9c, r0, r0, r4, r1, r6, r7, r8]}, @rights={0x20, 0xffff, 0x1, [0xffffffffffffff9c, 0xffffffffffffffff, r9, r10]}, @cred={0x20, 0xffff, 0x2, r11, r12}, @rights={0x20, 0xffff, 0x1, [0xffffffffffffffff, 0xffffffffffffff9c, r13, r14]}, @rights={0x18, 0xffff, 0x1, [r31, r33]}, @rights={0x38, 0xffff, 0x1, [r24, 0xffffffffffffff9c, r25, r26, r27, r0, r2, r1, r1]}, @cred={0x20, 0xffff, 0x2, r29, r30, 0xffffffffffffffff}], 0x120, 0xa}, 0x8)

10:24:09 executing program 2:
open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000040), 0x100000000000017c, 0x0)
r1 = geteuid()
__clone(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, 0x0, &(0x7f00000001c0))
r2 = semget(0x0, 0x0, 0x208)
r3 = getgid()
r4 = getuid()
setreuid(0xee00, r4)
getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000040)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000080)=0xc)
semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000140)={{0x4, r1, r3, r4, r5, 0xa, 0x3}, 0x10001, 0x2, 0xff})
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6)
r6 = __clone(0x0, 0x0)
ptrace(0x9, r6, 0x0, 0x400000020000000)
r7 = getpgid(r6)
r8 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil)
shmat(r8, &(0x7f0000001000/0x2000)=nil, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, <r9=>0x0}, &(0x7f00000001c0)=0xc)
r10 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r10, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4)
getsockopt$SO_PEERCRED(r10, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, <r11=>0x0}, 0xc)
pipe(&(0x7f0000000340))
r12 = getuid()
setreuid(0x0, r12)
r13 = getegid()
getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={<r14=>0x0}, &(0x7f0000000280)=0xc)
shmctl$IPC_SET(r8, 0x1, &(0x7f00000002c0)={{0x0, r9, r11, r12, r13, 0xa0, 0x1f}, 0x2, 0x7fff, r7, r14, 0x1000, 0x8, 0x5})
chown(&(0x7f00000000c0)='./file0\x00', r1, r11)

10:24:09 executing program 3:
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0)

[  46.4011200] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/syzkaller/managers/netbsd-kubsan/kernel/sys/arch/x86/x86/pmap.c", line 3533 
[  46.4129012] cpu0: Begin traceback...
[  46.4211256] vpanic() at netbsd:vpanic+0x2aa
[  46.4611605] kern_assert() at netbsd:kern_assert+0x63
[  46.5112077] pmap_remove_pte() at netbsd:pmap_remove_pte+0x408
[  46.5512388] pmap_remove() at netbsd:pmap_remove+0x239
[  46.5812659] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be
[  46.6213090] uvmspace_free() at netbsd:uvmspace_free+0x2e8
[  46.6613395] uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6
[  46.7013754] exit1() at netbsd:exit1+0x4cb
[  46.7414092] sys_exit() at netbsd:sys_exit+0xba
[  46.7814464] syscall() at netbsd:syscall+0x29a
[  46.8024971] --- syscall (number 1) ---
[  46.8024971] Skipping crash dump on recursive panic
[  46.8116885] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:153:24, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment

[  46.8332923] Faulted in mid-traceback; aborting...
[  46.8332923] fatal breakpoint trap in supervisor mode
[  46.8432088] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0 rsp 0xffff8c00b2c42da0
[  46.8538963] curlwp 0xffff832c0ba33540 pid 582.1 lowest kstack 0xffff8c00b2c402c0
Stopped in pid 582.1 (syz-executor.2) at        netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xd1
vpanic() at netbsd:vpanic+0x2aa
isAlreadyReported() at netbsd:isAlreadyReported
HandleTypeMismatch.part.1() at netbsd:HandleTypeMismatch.part.1+0xcc
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x7b
db_nextframe() at netbsd:db_nextframe+0x6f6
db_stack_trace_print() at netbsd:db_stack_trace_print+0x2c4
db_panic() at netbsd:db_panic+0x8b
vpanic() at netbsd:vpanic+0x2aa
kern_assert() at netbsd:kern_assert+0x63
pmap_remove_pte() at netbsd:pmap_remove_pte+0x408
pmap_remove() at netbsd:pmap_remove+0x239
uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be
uvmspace_free() at netbsd:uvmspace_free+0x2e8
uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6
exit1() at netbsd:exit1+0x4cb
sys_exit() at netbsd:sys_exit+0xba
syscall() at netbsd:syscall+0x29a
--- syscall (number 1) ---
[  46.8538963] Skipping crash dump on recursive panic
[  46.8538963] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:154:14, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment

[  46.8538963] Faulted in mid-traceback; aborting...
[  46.8538963] fatal breakpoint trap in supervisor mode
[  46.8538963] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0x8 rsp 0xffff8c00b2c41aa0
[  46.8538963] curlwp 0xffff832c0ba33540 pid 582.1 lowest kstack 0xffff8c00b2c402c0
Stopped in pid 582.1 (syz-executor.2) at        netbsd:breakpoint+0x5:  leave