Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. 2020/01/24 10:23:59 fuzzer started 2020/01/24 10:23:59 dialing manager at 10.128.0.105:39807 2020/01/24 10:24:00 syscalls: 215 2020/01/24 10:24:00 code coverage: enabled 2020/01/24 10:24:00 comparison tracing: enabled 2020/01/24 10:24:00 extra coverage: support is not implemented in syzkaller 2020/01/24 10:24:00 setuid sandbox: support is not implemented in syzkaller 2020/01/24 10:24:00 namespace sandbox: support is not implemented in syzkaller 2020/01/24 10:24:00 Android sandbox: support is not implemented in syzkaller 2020/01/24 10:24:00 fault injection: support is not implemented in syzkaller 2020/01/24 10:24:00 leak checking: support is not implemented in syzkaller 2020/01/24 10:24:00 net packet injection: support is not implemented in syzkaller 2020/01/24 10:24:00 net device setup: support is not implemented in syzkaller 2020/01/24 10:24:00 concurrency sanitizer: support is not implemented in syzkaller 2020/01/24 10:24:00 devlink PCI setup: support is not implemented in syzkaller 10:24:03 executing program 0: r0 = socket$inet6(0x18, 0x0, 0x2) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0}, 0x55) 10:24:03 executing program 1: syz_emit_ethernet(0x616, &(0x7f0000000740)) 10:24:04 executing program 2: r0 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0) ftruncate(r0, 0x400000000108) r1 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0) ftruncate(r1, 0x400000000106) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x80012, r1, 0x0, 0x0) dup2(r0, r1) open(&(0x7f0000000480)='./file0\x00', 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) 10:24:04 executing program 3: syz_emit_ethernet(0x86, &(0x7f00000003c0)) 10:24:04 executing program 4: r0 = socket(0x11, 0x803, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000)=0xffffffff, 0x4) 10:24:04 executing program 5: r0 = socket(0x2, 0xc003, 0x2f) connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8202adfdffffffffffffff653000463f7b238bfa6854d78a2a197a386207000000008295955984c87910bf453f68c11700287ead4bcb777fa69dfceac2a84e6abca64896bc5e57c6388bbd2ad88b2951b15801360bcd4c0a162b58fd426a6ddea3a7bd9bed8637b8fa4de7339f94deba60b6ebc9012ae447473c238495aaee48c02f6ac41e6bf3bf554799b9b813ad30505e8f5300a49fef9d612f871f4385f041a816b583cea4a33957795ea4a5c5fe659fa202361cd8cac7dbbc5b65c6593d2870b4122cfdce5fd53c6302d937b961ae0b2139131dc7b151884324f30e52ab3f26d3066362bdeb2da2b22f0603fc1a315b97a709a71e7311349beeb2f506a218df559ca16d76bffb9b9653d97df05c076dfdec6bd8d052eeb00e6332853cb6bfef7981afda8370eff4fe1e9a03d8ee1d4620af19fa04a03640283aec72c5a5078a412e60d118e30c27ed7e099f2e836f38fb70637252d9ae13a70c40ffe52e490e37df40847910b7b015e9765c6e6f87f6090281d917cb7995877cbc"], 0x10) sendmsg(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) 10:24:06 executing program 3: 10:24:06 executing program 3: 10:24:06 executing program 5: 10:24:06 executing program 1: 10:24:06 executing program 5: 10:24:06 executing program 3: 10:24:06 executing program 0: 10:24:06 executing program 1: 10:24:06 executing program 5: 10:24:06 executing program 2: r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0}, 0x10) recvmsg(r0, &(0x7f0000002d80)={0x0, 0x0, 0x0}, 0x0) 10:24:06 executing program 1: 10:24:06 executing program 3: 10:24:06 executing program 0: 10:24:06 executing program 4: syz_emit_ethernet(0x256, &(0x7f0000000000)) 10:24:06 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0}, 0x1c) sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff3b, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x2d05}], 0x1}, 0x350c) 10:24:06 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(r0, &(0x7f00000001c0)='./file1\x00', 0x0) renameat(r0, &(0x7f0000000200)='./file1\x00', r0, &(0x7f0000000140)='./file0/file0\x00') renameat(r0, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000100)='./file1\x00') renameat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00') 10:24:06 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0}, 0x1c) 10:24:06 executing program 0: __clone(0x42ff, &(0x7f0000000000)="532264ff2e2db35836607472fc013f5f7e1903aa7660854ede2ae92dbbd26d887956eebe6ea5cdc347e0c3b191a31647e896a3") msgget$private(0x0, 0x408) r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x19, &(0x7f0000000040), 0x4) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000240)=""/124, 0x7c}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/153, 0x99}], 0x3) sync() r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000180)=0xc) getsockopt$sock_linger(r1, 0xffff, 0x80, &(0x7f00000000c0), &(0x7f0000000100)=0x8) symlink(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='./file0\x00') r2 = msgget$private(0x0, 0x0) msgsnd(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="02"], 0x1, 0x0) msgsnd(r2, &(0x7f0000000040)={0x3}, 0x8, 0x0) msgsnd(r2, &(0x7f0000000380)={0x12e63e6832e27ca7, "10f30c8324a0df6fa5bd8d1ef6e52f47b6bc1c5c535504dfc357db338993bf5e7fb6ee07f2f16311e49d2c1912e472afe70bc961c9152fd4e1db81579613190f6d05389ac27f4d0315e154344d8161bb48af19596b6539cd4f45e1bcbedb3dc09dcb5241d96df3b1c7aa82b7d624d2ac2689c392d70e12da77592a2dc2019e57c6c94c65f5"}, 0x8d, 0x800) 10:24:07 executing program 4: pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) read(r0, &(0x7f0000000480)=""/214, 0xd6) close(r0) 10:24:07 executing program 5: r0 = shmget(0x3, 0x4000, 0x252, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ff2000/0xe000)=nil, 0x1000) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='./file0\x00') readlink(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') 10:24:07 executing program 3: r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0) 10:24:07 executing program 2: mknod(&(0x7f0000000080)='./file0\x00', 0x3012, 0xfffffff8) r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000200)='/', 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0xfffffff8) dup2(r1, r0) fcntl$lock(r0, 0xf, 0x0) 10:24:07 executing program 4: mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r0 = _lwp_self() munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) _lwp_wakeup(r0) getegid() r1 = _lwp_self() _lwp_setname(r1, &(0x7f0000000040)) _lwp_setname(r0, &(0x7f0000000000)='\x00') munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 10:24:07 executing program 1: r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(r0, &(0x7f00000001c0)='./file1\x00', 0x0) renameat(r0, &(0x7f0000000200)='./file1\x00', r0, &(0x7f0000000140)='./file0/file0\x00') renameat(r0, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000100)='./file1\x00') renameat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00') 10:24:07 executing program 5: open$dir(&(0x7f0000000100)='./file0\x00', 0x200, 0x0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='.\x00') rmdir(&(0x7f0000000080)='./file0\x00') 10:24:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="542a9d253a1367a7892620845bd8bceae371fd4ab9030daab5f4b8869d8bd82edd998d827e7f079b3342c08fbc76cbfa3867f175e456e4ee3ec05af8690484a4ecdcd45631b6d56af817bea9a32f27ebe754143f3cf2f6f29a7c6c40d3238014d1a3da0a70a52de1b851e88b32ea554ac88027fa0c2ef28faa2d1f4867c7ad81aee1629048e73e82d26478f47c1ac5a45673e322bff1463e1ca088afaf82483be62aac006b3b6a4217e0b76a047b7fc94e7cf3ea6a79c73bcfdf8714c6083ab5d395e826a555946efaf18344dbd57b4a45"]}, 0x0) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x28}, 0x0) 10:24:07 executing program 4: msgctl$IPC_STAT(0x0, 0x2, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) setgroups(0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0xc, 0xffffffffffffff9c) sync() symlink(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='./file0\x00') mlockall(0x0) 10:24:07 executing program 3: r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0) 10:24:07 executing program 2: mknod(&(0x7f0000000080)='./file0\x00', 0x3012, 0xfffffff8) r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000200)='/', 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0xfffffff8) dup2(r1, r0) fcntl$lock(r0, 0xf, 0x0) 10:24:08 executing program 5: open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) _lwp_getprivate() writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) open(&(0x7f0000000040)='./file0\x00', 0x10, 0xdc) r1 = socket(0x2, 0x2, 0x0) socket(0x18, 0x5, 0x9) setsockopt$inet_opts(r1, 0x0, 0x19, &(0x7f0000000040), 0x4) getsockopt$SO_PEERCRED(r1, 0xffff, 0x11, &(0x7f00000000c0)={0x0}, 0xc) r3 = socket(0x1d, 0x3, 0x0) r4 = msgget$private(0x0, 0xfffffffffffffffd) __vfork14() msgsnd(r4, &(0x7f00000001c0)=ANY=[@ANYRESHEX=0x0], 0x1, 0x0) r5 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r5, 0x0, 0x19, &(0x7f0000000040), 0x4) msgrcv(r4, &(0x7f0000000100)=ANY=[@ANYRES32=r3, @ANYRESDEC=r5, @ANYRES16=r2, @ANYRESOCT, @ANYRESHEX], 0x5, 0x0, 0x800) 10:24:08 executing program 3: r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0) 10:24:08 executing program 1: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000040000118302, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x80000, 0x52) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000130000/0x200000)=nil, 0x200000, 0x6, 0x10, r1, 0x0, 0x0) write(r0, &(0x7f0000000780)='\b', 0x1) open(&(0x7f0000000040)='./file0\x00', 0x2070e, 0x0) _lwp_create(&(0x7f00000001c0)={0x6, &(0x7f0000000140)={0x400f002d, &(0x7f00000000c0)={0x8, 0x0, {[0x3ff, 0xfffffffc, 0x9, 0xff]}, {0xb91, 0x0, 0x1}, {0x9, 0x8, '[)!!]\x00'}}, {[0x4, 0x7, 0x7, 0x6]}, {0x2, 0x4, 0x5}, {0x6, 0xa31, '(\'\'&)\x00'}}, {[0x6, 0x79bfc563, 0xff, 0x2]}, {0x1, 0x8, 0x5}, {0xb0, 0x3, ':.@//).$\xcb\x00'}}, 0x80, &(0x7f0000000240)) 10:24:08 executing program 2: r0 = __clone(0x0, 0x0) r1 = msgget$private(0x0, 0x49c) msgrcv(r1, &(0x7f0000000000)={0x0, ""/190}, 0xc6, 0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0xb, r0, 0x0, 0x10000000) 10:24:08 executing program 0: __clone(0x0, &(0x7f0000001f00)="eac68242c44a9cadb81ba372c9838633b76e967e135fe393feed261318704ad8") r0 = getpgid(0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r0}) wait4(r0, &(0x7f0000001440), 0x20, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getgid() r2 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r2, 0x0, 0xfffffffffffffd8f, 0x0, &(0x7f0000e68000)={0x2, 0x0}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r3, 0x0, 0xfffffffffffffd8f, 0x0, &(0x7f0000e68000)={0x2, 0x0}, 0x0) getpgrp() fcntl$dupfd(r2, 0xc, r3) sendmsg$unix(r1, &(0x7f0000000240)={0x0, 0x3d4, &(0x7f0000000340), 0x37f, 0x0, 0xfffffffffffffd57}, 0x0) r4 = msgget$private(0x0, 0x0) open(&(0x7f0000001080)='./file0\x00', 0x0, 0x181) r5 = socket(0x1, 0x20000000, 0x41) r6 = msgget$private(0x0, 0x104) msgrcv(r6, &(0x7f0000001140)={0x0, ""/174}, 0xb6, 0x3, 0x1000) msgrcv(r4, &(0x7f0000001fc0)=ANY=[@ANYBLOB="00000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0a6a41bbd868b19ea39f9643a34e40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b04a776a5aacea00"/4119], 0x1008, 0x3, 0x0) setsockopt$sock_linger(r5, 0xffff, 0x80, &(0x7f0000001240)={0x7, 0x6}, 0x8) r7 = msgget$private(0x0, 0x0) r8 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r8, 0x0, 0x19, &(0x7f0000000040), 0x4) sendto$inet6(r8, &(0x7f0000001380)="83ab4d1d8ab796b6ba72637d29171ea6570f097235cf48ea38a1faa367f8f7e172d49f8c5f6e1db6326d2947153bbb74172a8dd40a07e211b987e4c72c01e2e833b4bf276592a05f3b6030c860ff5ad82ecb74d42d1e8356bdb2190fe62cb4617ab8418cead4b36047bb2e01ec0567a2c47e7525f7c08f9ba2c426114f751c67ee7e1c75f3626358d5ce73bd62aa4de83e92468904af64d5260e5e748e223df5d667db53109393fb47b7378686c80e4b3f3abf004bcefebe3c1babda6155a1", 0xbf, 0x8, 0x0, 0x0) msgsnd(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="04"], 0x1, 0x0) msgsnd(r7, &(0x7f0000001f80)={0x3}, 0x8, 0x0) r9 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r9, 0x0, 0x19, &(0x7f0000000040), 0x4) msgsnd(r7, &(0x7f00000012c0)=ANY=[@ANYBLOB="0100000000000000e386bda0079dfb98d22b6923c61a38faa10a4d9cdca3470f0cef24dbb70002ec2fc141959100"/60, @ANYBLOB="26393b7d0648bd38af58682f2516c9d249ffa4d4d1d19a5403cd96c24d647c0448984fd7048828878034bdd75716861459cd569978db2755195aa332fb8c92162b23efb07cf44a36e8ae38839fbb538e72edb458752e7072bf87587be2fc75e951ce7a7da37c49ff691b16d2f1", @ANYRES16=0x0, @ANYRES16=r9], 0x4, 0x800) msgrcv(r4, &(0x7f00000010c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bbdd7dc205ac2539c90b00da6cdd0"], 0x5c, 0x1, 0x800) r10 = socket(0x2, 0x5, 0x0) sendmsg$unix(r10, &(0x7f00000015c0)={&(0x7f0000001200)=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000001540), 0x0, 0x0, 0x0, 0x9}, 0x0) 10:24:08 executing program 4: shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) setsockopt$sock_linger(0xffffffffffffffff, 0xffff, 0x80, &(0x7f0000000180)={0xffffffff}, 0x0) r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x19, &(0x7f0000000040), 0x4) r1 = fcntl$dupfd(r0, 0xc, 0xffffffffffffffff) r2 = socket(0x18, 0x1, 0x0) setsockopt(r2, 0x29, 0x80000000000000c, &(0x7f0000000180), 0x14) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r4 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r4, 0x0, 0x19, &(0x7f0000000040), 0x4) r5 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r5, 0x0, 0x19, &(0x7f0000000040), 0x4) r6 = dup2(r5, 0xffffffffffffff9c) r7 = socket$inet6(0x18, 0x10000000, 0xae) r8 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r8, 0x0, 0x19, &(0x7f0000000040), 0x4) r9 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r9, 0x0, 0x19, &(0x7f0000000040), 0x4) r10 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r10, 0x0, 0x19, &(0x7f0000000040), 0x4) r11 = vfork() r12 = geteuid() r13 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r13, 0x0, 0x19, &(0x7f0000000040), 0x4) r14 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r14, 0x0, 0x19, &(0x7f0000000040), 0x4) getppid() geteuid() r15 = __clone(0x0, 0x0) ptrace(0x9, r15, 0x0, 0x400000020000000) r16 = getpgid(r15) r17 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r17, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r19 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r19, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r19, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r21 = getuid() setreuid(0x0, r21) r22 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r17, 0x1, &(0x7f00000002c0)={{0x0, r18, r20, r21, r22, 0xa0, 0x1f}, 0x2, 0x7fff, r16, r23, 0x1000, 0x8, 0x5}) r24 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r24, 0x0, 0x19, &(0x7f0000000040), 0x4) r25 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r25, 0x0, 0x19, &(0x7f0000000040), 0x4) r26 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r26, 0x0, 0x19, &(0x7f0000000040), 0x4) r27 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r27, 0x0, 0x19, &(0x7f0000000040), 0x4) r28 = getpgid(0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r28}) r29 = posix_spawn(0x0, &(0x7f00000004c0)='\x00', &(0x7f0000000540)={0x9, 0x200, &(0x7f0000000500)=@dup={0x1, 0xffffffffffffff9c, {0x1}}}, &(0x7f0000000580)={0x2, r28, {0x40}, 0x80000000, {[0x9, 0x7fffffff, 0x100, 0x6]}, {[0x6, 0x2, 0x6d, 0x800]}}, &(0x7f00000005c0)=['\x00', '\x00'], &(0x7f0000000600)=['&/\\\x00', '(\x00', '\x00', '\x00']) r30 = getuid() setreuid(0xee00, r30) getegid() r31 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r31, 0x0, 0x19, &(0x7f0000000040), 0x4) r32 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r32, 0x0, 0x19, &(0x7f0000000040), 0x4) r33 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r33, 0x0, 0x19, &(0x7f0000000040), 0x4) r34 = __clone(0x0, 0x0) ptrace(0x9, r34, 0x0, 0x400000020000000) r35 = getpgid(r34) r36 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r36, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r38 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r38, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r38, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r40 = getuid() setreuid(0x0, r40) r41 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r36, 0x1, &(0x7f00000002c0)={{0x0, r37, r39, r40, r41, 0xa0, 0x1f}, 0x2, 0x7fff, r35, r42, 0x1000, 0x8, 0x5}) sendmsg$unix(r0, &(0x7f0000000780)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x1}, 0x8, &(0x7f0000000440)=[{&(0x7f0000000040)="258b6d4196695b40a1a5e9a6767fd356264f15b3c5fde8cc0ca901f3b48f81b569dc51221c92f1cf1054dd8e94acb6617f969facd0ba3b8f40938fcb7762b2078d6c59de4d39bd719493e927de50e4696e9760a8e2c581bd8864b0f0bba5fbaf81c3e86429d7aaf7dc80f015cd12946293db0c75a7c1e272ae72dbf79993fc547eea073571af6494b262abc187457ef59b89a3a606d92a204104b6b70c4f89f791b170856a6b3dd21ec4b9628d848328b263c171cd02c13983b50fc0c541b928bf5e77118b046c9373738bc09eefb88198c863", 0xd3}, {&(0x7f00000001c0)="c2883a2f1bd8e2ff53e88b2ee10d77f3b856aafb692abb09d072fb96eb42166de38acccd8c183a4a770e7feaf6542d44fc6c09f9ccdadec5b64076cdca3524307992fabec3a70a2d551f85ee799e61c9f0a3b585d3fc59cc49c4efe4ecd09bd78df9fa90fec7b70bf625fca7d8496f956e099a90cba51abb3b46f49f851ff8ffb6bc18582ef1cb1256233895bbc76ff9ca38ec7a", 0x94}, {&(0x7f0000000280)="47f3d774972e3427b14b953db8cebf1a6e9bd2a57506a41ce6e1dba38cee635d85002e52027825a8a48dd902227dbddaf5b2c036c3bf8be39d0abe31b4fcb4790d5998b989ca76fbe76dde5f5a41610733ee3a29d0e6e84c73ab0794cd7323702fd1f20bbfb693fc7a31a8b1f158ec5413c6f5f40b9ad02134eb72de598ef8da7b679344095a5bd7a298f2066b936531d9b97d8b507b1a70ce9442eea6713f7505d03f63545d539826f7a711dacb154664a2ba67e55f377fd0ba22977b86a1e8a1afdc070ae3fa3801eac199373b53065aecd108f65280ea7e356dea54a6feb799cf6f820bd4de2307ef4b0b97e4803a0d8f61d262", 0xf5}, {&(0x7f0000000380)="533f576102ffa5719e687d724e4880c557c5d6e2ed6d03d676fd5db4c5b94bc619815bea1a46636cd1cf1b684422d65f5776226f325766c60f8d8e9babe0c55f6515226deb4a5c0dbe5e2158966ba250655a9322e2a4b75a75bddb5ca1eef44da6de4a5e4f700f749b95811535458da92fe6597a70c50db76d834fdd13f52743600ee40b5db3e031", 0x88}], 0x4, &(0x7f0000000640)=[@rights={0x18, 0xffff, 0x1, [r0]}, @rights={0x38, 0xffff, 0x1, [r3, 0xffffffffffffff9c, r0, r0, r4, r1, r6, r7, r8]}, @rights={0x20, 0xffff, 0x1, [0xffffffffffffff9c, 0xffffffffffffffff, r9, r10]}, @cred={0x20, 0xffff, 0x2, r11, r12}, @rights={0x20, 0xffff, 0x1, [0xffffffffffffffff, 0xffffffffffffff9c, r13, r14]}, @rights={0x18, 0xffff, 0x1, [r31, r33]}, @rights={0x38, 0xffff, 0x1, [r24, 0xffffffffffffff9c, r25, r26, r27, r0, r2, r1, r1]}, @cred={0x20, 0xffff, 0x2, r29, r30, 0xffffffffffffffff}], 0x120, 0xa}, 0x8) 10:24:09 executing program 2: open$dir(&(0x7f0000000000)='./file0\x00', 0x4c0700, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000040), 0x100000000000017c, 0x0) r1 = geteuid() __clone(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, 0x0, &(0x7f00000001c0)) r2 = semget(0x0, 0x0, 0x208) r3 = getgid() r4 = getuid() setreuid(0xee00, r4) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000140)={{0x4, r1, r3, r4, r5, 0xa, 0x3}, 0x10001, 0x2, 0xff}) madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6) r6 = __clone(0x0, 0x0) ptrace(0x9, r6, 0x0, 0x400000020000000) r7 = getpgid(r6) r8 = shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000000000/0x2000)=nil) shmat(r8, &(0x7f0000001000/0x2000)=nil, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0xffff, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) r10 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r10, 0xffff, 0x1004, &(0x7f0000000100)=0x10004, 0x4) getsockopt$SO_PEERCRED(r10, 0xffff, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) pipe(&(0x7f0000000340)) r12 = getuid() setreuid(0x0, r12) r13 = getegid() getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) shmctl$IPC_SET(r8, 0x1, &(0x7f00000002c0)={{0x0, r9, r11, r12, r13, 0xa0, 0x1f}, 0x2, 0x7fff, r7, r14, 0x1000, 0x8, 0x5}) chown(&(0x7f00000000c0)='./file0\x00', r1, r11) 10:24:09 executing program 3: r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x40000400000002c2, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000180), 0x81700}], 0x1000000000000013) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r0, 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x43) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x55ad85fd40ecec69, 0xa11, r1, 0x0, 0x0) [ 46.4011200] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/syzkaller/managers/netbsd-kubsan/kernel/sys/arch/x86/x86/pmap.c", line 3533 [ 46.4129012] cpu0: Begin traceback... [ 46.4211256] vpanic() at netbsd:vpanic+0x2aa [ 46.4611605] kern_assert() at netbsd:kern_assert+0x63 [ 46.5112077] pmap_remove_pte() at netbsd:pmap_remove_pte+0x408 [ 46.5512388] pmap_remove() at netbsd:pmap_remove+0x239 [ 46.5812659] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be [ 46.6213090] uvmspace_free() at netbsd:uvmspace_free+0x2e8 [ 46.6613395] uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6 [ 46.7013754] exit1() at netbsd:exit1+0x4cb [ 46.7414092] sys_exit() at netbsd:sys_exit+0xba [ 46.7814464] syscall() at netbsd:syscall+0x29a [ 46.8024971] --- syscall (number 1) --- [ 46.8024971] Skipping crash dump on recursive panic [ 46.8116885] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:153:24, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment [ 46.8332923] Faulted in mid-traceback; aborting... [ 46.8332923] fatal breakpoint trap in supervisor mode [ 46.8432088] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0 rsp 0xffff8c00b2c42da0 [ 46.8538963] curlwp 0xffff832c0ba33540 pid 582.1 lowest kstack 0xffff8c00b2c402c0 Stopped in pid 582.1 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xd1 vpanic() at netbsd:vpanic+0x2aa isAlreadyReported() at netbsd:isAlreadyReported HandleTypeMismatch.part.1() at netbsd:HandleTypeMismatch.part.1+0xcc HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x7b db_nextframe() at netbsd:db_nextframe+0x6f6 db_stack_trace_print() at netbsd:db_stack_trace_print+0x2c4 db_panic() at netbsd:db_panic+0x8b vpanic() at netbsd:vpanic+0x2aa kern_assert() at netbsd:kern_assert+0x63 pmap_remove_pte() at netbsd:pmap_remove_pte+0x408 pmap_remove() at netbsd:pmap_remove+0x239 uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x7be uvmspace_free() at netbsd:uvmspace_free+0x2e8 uvm_proc_exit() at netbsd:uvm_proc_exit+0xf6 exit1() at netbsd:exit1+0x4cb sys_exit() at netbsd:sys_exit+0xba syscall() at netbsd:syscall+0x29a --- syscall (number 1) --- [ 46.8538963] Skipping crash dump on recursive panic [ 46.8538963] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:154:14, member access within misaligned address 0xffffffff for type 'struct x86_64_frame' which requires 8 byte alignment [ 46.8538963] Faulted in mid-traceback; aborting... [ 46.8538963] fatal breakpoint trap in supervisor mode [ 46.8538963] trap type 1 code 0 rip 0xffffffff8021e7cd cs 0x8 rflags 0x286 cr2 0x60b2a0 ilevel 0x8 rsp 0xffff8c00b2c41aa0 [ 46.8538963] curlwp 0xffff832c0ba33540 pid 582.1 lowest kstack 0xffff8c00b2c402c0 Stopped in pid 582.1 (syz-executor.2) at netbsd:breakpoint+0x5: leave