Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts. 2018/11/25 13:23:02 fuzzer started 2018/11/25 13:23:06 dialing manager at 10.128.0.105:34332 2018/11/25 13:23:06 syscalls: 1 2018/11/25 13:23:06 code coverage: enabled 2018/11/25 13:23:06 comparison tracing: support is not implemented in syzkaller 2018/11/25 13:23:06 setuid sandbox: support is not implemented in syzkaller 2018/11/25 13:23:06 namespace sandbox: support is not implemented in syzkaller 2018/11/25 13:23:06 Android sandbox: support is not implemented in syzkaller 2018/11/25 13:23:06 fault injection: support is not implemented in syzkaller 2018/11/25 13:23:06 leak checking: support is not implemented in syzkaller 2018/11/25 13:23:06 net packet injection: enabled 2018/11/25 13:23:06 net device setup: support is not implemented in syzkaller 13:23:08 executing program 0: 13:23:08 executing program 1: syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd600387af005c000000000000000000000000000000000000fe8000000000000000000000000000aa0001000000000000040100000100010200076d1a31da0b92ddd5c711000000000000000420880b0000000000000800000086dd080088be00000000100000000100000000000000080022eb000000002000000002e500000000000000000000080065580000000011795721d92ae67dac2be6de1a1928bd54af17f9432c58bf8757dfcac84c39cc0f912c247fc55a60cf71eabee0b11d4d5f318878a2a9df275b3d33510d84aef6ec83f6f7ac0b267503928a07a24160ce4c10846d1894dc992022a949da5c316e3a006e68eb25e3ae520256aa4c836fa6f6320f02163ee77fe7da32a5e050e43623a4274497e1b5c2fa847d2a07e4ae179183355ea4ab4d1db15558782c5b79518ecfd54e4b"]) 13:23:08 executing program 1: r0 = socket$inet(0x2, 0x1, 0x8d8) sendto$inet(r0, &(0x7f0000000000)="031bf740646282a4521541fd35b8772bea4f2936dc1dcd8c42b8aec3ab764c7b58bc5042536e1fd7988c64ee8bfa19d9b38c677e35c921ad78", 0x39, 0x1, 0x0, 0x0) clock_gettime(0xffff7ffffffffffd, 0xfffffffffffffffe) 13:23:08 executing program 0: r0 = accept$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000000)) write(r0, &(0x7f0000000100)="fcc1149c1c7a73dc", 0x8) mknod(&(0x7f0000000ffa)='./bus\x00', 0x2000, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) fcntl$lock(r1, 0x8, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x100000000}) 13:23:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x20040, 0x1c0) ioctl$TIOCGETD(r2, 0x4004741a, &(0x7f0000000100)) sendto(r1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/47, 0x2f}], 0x1, 0x0}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r5 = msgget$private(0x0, 0x14) msgctl$IPC_RMID(r5, 0x0) ioctl$TIOCSTOP(r4, 0x2000746f) recvmsg(r3, &(0x7f0000001400)={&(0x7f0000000140)=@in6, 0xc, &(0x7f0000000300)=[{&(0x7f0000000180)=""/159, 0x9f}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000240)=""/55, 0x37}, {&(0x7f00000002c0)=""/49, 0x31}], 0x4, &(0x7f0000000340)=""/126, 0x7e, 0x5af}, 0x840) 13:23:08 executing program 0: r0 = kqueue() r1 = open(&(0x7f0000000000)='./file0\x00', 0x80, 0x45) ioctl$TIOCSPGRP(r1, 0x40047477, &(0x7f0000000040)) kevent(r0, &(0x7f0000000140), 0x3ff, &(0x7f00000001c0)=[{{}, 0xfffffffffffffffa, 0x53}], 0x8000, 0x0) 13:23:08 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) listen(r0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x2}, 0xc) r1 = getuid() seteuid(r1) bind(r0, &(0x7f0000000000)=@in6, 0xc) listen(r0, 0x6) getsockopt(r0, 0x101, 0xda9, &(0x7f00000000c0)=""/78, &(0x7f0000000040)=0x4e) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') r0 = syz_open_pts() ioctl$TIOCSWINSZ(r0, 0x80087467, &(0x7f0000000000)={0x100000001, 0x80000000, 0x28400fa5, 0x4ca}) 13:23:08 executing program 1: r0 = socket$inet6(0x18, 0x8001, 0x0) setsockopt$sock_int(r0, 0xffff, 0x100c, &(0x7f0000000000)=0xffffffffffff041e, 0xffffffffffffffac) socket(0x20, 0xc003, 0xffffffffae10664d) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGTSTAMP(r1, 0x4010745b, &(0x7f0000000080)) 13:23:08 executing program 1: read(0xffffffffffffffff, &(0x7f00000000c0)=""/218, 0xda) read(0xffffffffffffffff, &(0x7f0000000000)=""/4, 0x4) recvmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)=@in6, 0xc, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000d80)=""/4096, 0x1000}, {&(0x7f0000000200)=""/170, 0xaa}], 0x3, &(0x7f0000000300)=""/230, 0xe6, 0x7ff}, 0x40) execve(0x0, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000001fc0)=[{&(0x7f0000000d40)="e3", 0x1}], 0x1) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') r0 = syz_open_pts() ioctl$TIOCSWINSZ(r0, 0x80087467, &(0x7f0000000000)={0x100000001, 0x80000000, 0x28400fa5, 0x4ca}) 13:23:08 executing program 1: r0 = socket$inet6(0x18, 0x8003, 0x0) r1 = getpgrp() fcntl$setown(r0, 0x6, r1) fcntl$setown(r0, 0x6, r1) lseek(r0, 0x0, 0x1) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') r0 = syz_open_pts() ioctl$TIOCSWINSZ(r0, 0x80087467, &(0x7f0000000000)={0x100000001, 0x80000000, 0x28400fa5, 0x4ca}) 13:23:08 executing program 1: r0 = socket$unix(0x1, 0x0, 0x0) setsockopt$sock_int(r0, 0xffff, 0x200, &(0x7f0000000040), 0x4) r1 = semget(0x3, 0x5, 0x27) semctl$GETZCNT(r1, 0x0, 0x7, &(0x7f0000001340)) recvmsg(r0, &(0x7f00000012c0)={&(0x7f0000000000)=@in, 0xc, &(0x7f0000001240)=[{&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)}, {&(0x7f00000010c0)=""/162, 0xa2}, {&(0x7f0000001180)=""/191, 0xbf}], 0x4, &(0x7f0000001280)=""/57, 0xffffffffffffff4b, 0x7}, 0x843) chdir(&(0x7f0000001300)='./file0\x00') setsockopt$sock_int(r0, 0xffff, 0x1007, &(0x7f0000001080)=0x19b2159b, 0x4) sendmsg(r0, &(0x7f0000001b80)={&(0x7f0000001c00)=ANY=[@ANYBLOB="00d8c2e84e6988002e2f661a692d5e6f"], 0xa, &(0x7f00000019c0)=[{&(0x7f0000001380)="46c589b0bb0e792777c575be0ddc61686792d2a1972c40c9c9d17b3ef7fc8963af3ecb66", 0x24}, {&(0x7f00000013c0)="4ba2b9677553fdf8dd8f7c60fcf80091807e60315e683e6ac4db0e715f87ca55b50e480360979c53fcd036d2d3aefea6048500ea4987ac009525b19be1706fb1facd8614c7c402fc8c502f5bb4b2de56468e2640f3487cc872e6d6b086f39efeabaddbec61863dfea11f9695dd028809d0512209b3f58f2ef014b778c045aa1227e72ec733287e0d2c583dedad", 0x8d}, {&(0x7f0000001480)="550b09b3591d47ae6fe24adfeeaa1a741d5a6a3c2a8573a7ef039a63231768c065a3e7081e205b3ce21a9cf52331f334feea35a962cfb7c55d228df8a6704405780e17515b640f6376b642b29d8c5c92a670fe3af35fbcebc8ad7b99212cc2b6c83a9822f99419a9b5ff5e7d666cec0ca5a58f219c06c01ce265448479e2df5075d6e0c0b2d7dcaa22e9609a665f5699bdb4b2da1758b06761c149", 0x9b}, {&(0x7f0000001540)="03cccfaf73998f7fac95c6f8d9419925edcc5ea60f", 0x15}, {&(0x7f0000001580)="b5921db312f2579388b361db00392290a34cf21619379769d6dc6edbcf075c8ec33471e894222822362df3c85ffba886d44f274ced097c8aa4ebddc7e584d0bcbedea70118817388611ed07a0fbdb330b0d7057d", 0x54}, {&(0x7f0000001600)="095c292c1a02a154b58deb742f2f8d3ec02b64c21d4f87a2498da3b89157de228813a1f04718437b592aaf426dc7699ca1617a2b908dad591bce08919ebbb97ccd99791c95bf6f04d769bd86c9bd8a1fbbbc530a480025bd36ff80aec92c21f780639594e0b804d508fab266db6b0c1c9e39e015e5a60ef1319fc9eb4c76d6f8d85ab45b429b21e3f57ac9b8d09984ceaebee9ec6113d0a42788d5ae274bf9cde08f2a43942431a66be015fc59cb7bd8c665b79530214e637bde19415c7e78271920d4551a43768d208880db6f77163097fa575bcf0c2e709bf8880f805af3aaf377eb3b3bccbf9344d9d11f5d1ec1b87a30a970deb12e0c7dbd5403599c", 0xfe}, {&(0x7f0000001700)="3a5bec578ed681b52d3c2735d85070dd5fa2b7525af5e9d07d00d24ae0b681ddbed7119e0ab00ee0482ec24e2735e0ab92e3f31250cc390a871ac4f9e587af46b389625958c1d6d728fa60cf8c694d5d69ee842549198c4b86d9a0d1a9ac35392fdaad74852aaa30ddef83482c50385f41c9387be9d6243145ddcc03d18e3e0fd337ca4a8e09dda9f7fdeb78441d463dded2c27294f686f258f180fb8237112b41655aeb9b062f601350832ac06c2690975765dcb71dc6c01596155ad632e7c5d20a5d2552be542498c17e86e0f85b076a96ab35dbf54e69caab693c0ade758631b8", 0xe2}, {&(0x7f0000001800)="248621035a4959922c09adbf469aafd55c3f40da9fc9f99eb8e6a6468f4f804a3183c20fdb07154bf48d7b959c37ec90b16624011f53416c70b947b9ce7e875ab783ad04efe8666d08d8b70ab2a0709ab237e32f6f7aaf58a3bf859670aad8972188f7e92f1bdc7b58101165840371160bf286ae2e77fd8d8b72aa86950987c79dce1a37fa08cf5ee86c619df1f8fdfc277437d39580da274fd84b01321050be64304ee1874a946d6d30", 0xaa}, {&(0x7f00000018c0)="c858f8e724acb1899ba732c1eae0b6fb6781e198ceefb0dfbb3e86a2f2ce7f4bae5a10583d2fe0c21aaf4bb8ed8a262b381ee08d26c1727c728067f3d121a5e7ef033444f0f4ed830df45cd9d1b5bbc5d84657bfeac832837b02c0d98c34701d1a1fde4e4c0ff6b1819553600c98d803dbbfe17cc81f55d6f89475777e4c5ddcc071ceaeac62db5137858e720dae50eab67a631dd2efa5dd8fca579d07b49e149d8ab5ca527c35146f435a18fb50a246ed6d302df610b44fcd9871111df02e064e5c07a49e464cec88b8d66d3a4b6d51db924898c11fc3d663504dfe68d14d3ee7647cb06d4b1a0945e886dfc52a39ae9002ae0b07bc6696e4a81007fa6b2f", 0xff}], 0x9, &(0x7f0000001a80)=[{0x30, 0x1, 0x100000000, "b4e429ec582019cfbf4da612582711801e54ce3b21b19b6ee455c850"}, {0xd0, 0xffff, 0x3, "3385bb891b1f640b47ff84172f535fa621f505be6b9e3f7f430fa603a45870327e0c12ede8f2d9fc5212a316af887d376d3dddb143bab27ffe39d105cd9aca08b6260daf5f6079dc420179f1a4ef3ddf93dca83cddb66b31cfc65d3c5057ba02122f23d245235ad7187eea797744fb209270b1879c9a0f1999a8cc24386daa2247af3ceb55d67f6d016f63c6bb973df6c3c96f6ed0b07e496c5057b7647f7d87988e8b66ae215302d4ac63e8d0e7a43e6c44afbdc33f1617d0c00745229fcbc6"}], 0x100, 0x404}, 0x8) socketpair$inet(0x2, 0x2, 0x7fffffff, &(0x7f0000001bc0)) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') r0 = syz_open_pts() ioctl$TIOCSWINSZ(r0, 0x80087467, &(0x7f0000000000)={0x100000001, 0x80000000, 0x28400fa5, 0x4ca}) 13:23:08 executing program 1: mknod(&(0x7f0000000140)='./file0\x00', 0x2002, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = kqueue() ioctl$TIOCEXCL(r0, 0x2000740d) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="b13f468da321c92b6631be9f718d802f13fc83ccabf0ff19050bcd622375f105a02ba084194825190e643d90217a2928faef0417cf275bc020026aaf5929eb98c2977ee23847be36562018bfc9314f34f14fa0353c1d4177515b7ab9201612da723500945687ca0096fb4be2075814c1627cfc9ebe72fdd83f918fc4a7a912bee4cfa315413fef56463bed42ff59d99147b91139bb9e1ea18a169e62a0cee16f6dc8bce4363d557c0d6e7c9386aa46cbccedaf3a16cb465058abf5a386f979b74e69bfbb982936d38121ec3c44703d5869c3789a6b45c0a607ed2b1944de6e5de41b5577e3d13c3e99bcb4a3", 0xec}], 0x1, 0x0) kevent(r1, &(0x7f0000000080)=[{{r1}, 0xffffffffffffffff, 0x20, 0x0, 0x80000000}, {{r0}, 0xffffffffffffffff, 0x0, 0x2, 0x21, 0x3}], 0x8000, &(0x7f00000000c0)=[{{r1}, 0x0, 0x0, 0x0, 0x5, 0x9ce0}, {{r1}, 0xfffffffffffffffb, 0x8, 0x80000000, 0x5, 0xbcd6}], 0x10000, &(0x7f0000000180)={0xef3a, 0x8001}) kevent(r1, &(0x7f0000000100)=[{{r0}, 0xfffffffffffffffe, 0x11}], 0xc996, &(0x7f00000001c0)=[{{r0}, 0xffffffffffffffff, 0x41}], 0x8000, 0x0) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') syz_open_pts() 13:23:08 executing program 1: r0 = socket$inet6(0x18, 0x3, 0x20) fcntl$dupfd(r0, 0x0, r0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x101) setsockopt(r0, 0x6, 0x4, 0x0, 0x0) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', &(0x7f0000000080)='../file0\x00') 13:23:08 executing program 0: link(0x0, &(0x7f0000000080)='../file0\x00') 13:23:08 executing program 1: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) close(0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x40) recvmsg(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000040)=""/94, 0x5e}, {&(0x7f0000000240)=""/170, 0xaa}, {&(0x7f0000000300)=""/142, 0x8e}, {&(0x7f00000000c0)=""/34, 0x22}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/180, 0xb4}, {&(0x7f0000001480)=""/252, 0xfc}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000180)=""/85, 0x55}], 0x9, &(0x7f0000002640)=""/124, 0x7c, 0x6}, 0x840) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') 13:23:08 executing program 0: link(0x0, &(0x7f0000000080)='../file0\x00') 13:23:08 executing program 1: r0 = syz_open_pts() r1 = dup(r0) ioctl$TIOCCONS(r1, 0x80047462, &(0x7f0000000040)=0xcf) ioctl$TIOCCDTR(r1, 0x20007478) ioctl$TIOCCONS(r1, 0x80047462, &(0x7f0000000100)) 13:23:08 executing program 0: link(0x0, &(0x7f0000000080)='../file0\x00') 13:23:08 executing program 1: socketpair$inet(0x2, 0x3, 0x7fffffff, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socketpair$inet(0x2, 0x4004, 0x101, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$inet(r1, &(0x7f0000000080), &(0x7f00000000c0)=0xc) getrlimit(0xb, 0x0) getrlimit(0x5, &(0x7f0000000040)) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', 0x0) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', 0x0) 13:23:08 executing program 1: r0 = socket$inet6(0x18, 0x8001, 0x0) lseek(r0, 0xffffffffffffffff, 0x3) close(r0) 13:23:08 executing program 0: link(&(0x7f0000000040)='..', 0x0) 13:23:08 executing program 1: mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0x5ad8) socketpair(0x6, 0x8000, 0x4, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x401, 0x0) writev(r1, &(0x7f00000005c0)=[{0x0}], 0x1) panic: sandbox escaping file name "../file0", Files are map[../file0:true] goroutine 16 [running]: github.com/google/syzkaller/prog.(*randGen).filename(0xc0002bf6a0, 0xc0006a0a80, 0xbf4c40, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2e3 github.com/google/syzkaller/prog.(*BufferType).mutate(0xbf4c40, 0xc0002bf6a0, 0xc0006a0a80, 0x8faa00, 0xc000219c80, 0xc0006a0a48, 0xc000219c50, 0x0, 0xc000219d00, 0x2d3775c948d8b403, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:264 +0x533 github.com/google/syzkaller/prog.(*Target).mutateArg(0xc0000731e0, 0xc0002bf6a0, 0xc0006a0a80, 0x8faa00, 0xc000219c80, 0xc0006a0a48, 0xc000219c50, 0x0, 0x4f0f00, 0xc0008f5d87, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:172 +0xe3 github.com/google/syzkaller/prog.(*mutator).mutateArg(0xc0008f5e48, 0xa) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:153 +0x231 github.com/google/syzkaller/prog.(*Prog).Mutate(0xc0006a0900, 0x8f8680, 0xc00074bbc0, 0x1e, 0xc000690400, 0xc0006ee000, 0xa24, 0xc00) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:34 +0x2db main.(*Proc).smashInput(0xc000690440, 0xc00047d5e0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:196 +0x103 main.(*Proc).loop(0xc000690440) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:82 +0x177 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236 +0xfe2