fatal error: bad use of bucket.mp goroutine 19 [running]: runtime.throw({0xabc111?, 0x43f545?}) /usr/local/go/src/runtime/panic.go:1047 +0x5d fp=0xc00004f498 sp=0xc00004f468 pc=0x4363dd runtime.(*bucket).mp(0x0?) /usr/local/go/src/runtime/mprof.go:240 +0x45 fp=0xc00004f4b8 sp=0xc00004f498 pc=0x42d785 runtime.mProf_FlushLocked(0x41c33d?) /usr/local/go/src/runtime/mprof.go:387 +0x46 fp=0xc00004f4e8 sp=0xc00004f4b8 pc=0x42dce6 runtime.mProf_Flush() /usr/local/go/src/runtime/mprof.go:373 +0x98 fp=0xc00004f518 sp=0xc00004f4e8 pc=0x42dc58 runtime.gcMarkTermination() /usr/local/go/src/runtime/mgc.go:1095 +0x5a5 fp=0xc00004f6f0 sp=0xc00004f518 pc=0x41a7e5 runtime.gcMarkDone() /usr/local/go/src/runtime/mgc.go:918 +0x2d3 fp=0xc00004f750 sp=0xc00004f6f0 pc=0x41a133 runtime.gcBgMarkWorker() /usr/local/go/src/runtime/mgc.go:1407 +0x345 fp=0xc00004f7e0 sp=0xc00004f750 pc=0x41b3c5 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004f7e8 sp=0xc00004f7e0 pc=0x469781 created by runtime.gcBgMarkStartWorkers /usr/local/go/src/runtime/mgc.go:1199 +0x25 goroutine 1 [select]: runtime.gopark(0xc01e759a00?, 0x2?, 0x20?, 0xf9?, 0xc01e7599bc?) 
/usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc00098f7f0 sp=0xc00098f7d0 pc=0x4390f6 runtime.selectgo(0xc00098fa00, 0xc01e7599b8, 0xc018387c50?, 0x0, 0x0?, 0x1) /usr/local/go/src/runtime/select.go:327 +0x7be fp=0xc00098f930 sp=0xc00098f7f0 pc=0x4491fe main.(*Fuzzer).pollLoop(0xc000002600) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:385 +0x105 fp=0xc00098fa30 sp=0xc00098f930 pc=0x90d625 main.main() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:313 +0x176c fp=0xc00098ff80 sp=0xc00098fa30 pc=0x90ccac runtime.main() /usr/local/go/src/runtime/proc.go:250 +0x207 fp=0xc00098ffe0 sp=0xc00098ff80 pc=0x438cc7 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00098ffe8 sp=0xc00098ffe0 pc=0x469781 goroutine 2 [force gc (idle), 8 minutes]: runtime.gopark(0x655528613d?, 0x0?, 0x0?, 0x0?, 0x0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000052fb0 sp=0xc000052f90 pc=0x4390f6 runtime.goparkunlock(...) /usr/local/go/src/runtime/proc.go:387 runtime.forcegchelper() /usr/local/go/src/runtime/proc.go:305 +0xb0 fp=0xc000052fe0 sp=0xc000052fb0 pc=0x438f30 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000052fe8 sp=0xc000052fe0 pc=0x469781 created by runtime.init.6 /usr/local/go/src/runtime/proc.go:293 +0x25 goroutine 17 [runnable]: runtime.goschedIfBusy() /usr/local/go/src/runtime/proc.go:344 +0x30 fp=0xc00004e780 sp=0xc00004e768 pc=0x438ff0 runtime.bgsweep(0x0?) /usr/local/go/src/runtime/mgcsweep.go:303 +0x148 fp=0xc00004e7c8 sp=0xc00004e780 pc=0x4242a8 runtime.gcenable.func1() /usr/local/go/src/runtime/mgc.go:178 +0x26 fp=0xc00004e7e0 sp=0xc00004e7c8 pc=0x419406 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004e7e8 sp=0xc00004e7e0 pc=0x469781 created by runtime.gcenable /usr/local/go/src/runtime/mgc.go:178 +0x6b goroutine 18 [GC scavenge wait]: runtime.gopark(0x8a63d41950?, 0x6a92c?, 0x0?, 0x0?, 0x0?) 
/usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc00004ef70 sp=0xc00004ef50 pc=0x4390f6 runtime.goparkunlock(...) /usr/local/go/src/runtime/proc.go:387 runtime.(*scavengerState).park(0x1f50160) /usr/local/go/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc00004efa0 sp=0xc00004ef70 pc=0x422133 runtime.bgscavenge(0x0?) /usr/local/go/src/runtime/mgcscavenge.go:633 +0x65 fp=0xc00004efc8 sp=0xc00004efa0 pc=0x422725 runtime.gcenable.func2() /usr/local/go/src/runtime/mgc.go:179 +0x26 fp=0xc00004efe0 sp=0xc00004efc8 pc=0x4193a6 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004efe8 sp=0xc00004efe0 pc=0x469781 created by runtime.gcenable /usr/local/go/src/runtime/mgc.go:179 +0xaa goroutine 3 [finalizer wait, 8 minutes]: runtime.gopark(0x0?, 0xc1f158?, 0x80?, 0x4?, 0x2000000020?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000052628 sp=0xc000052608 pc=0x4390f6 runtime.runfinq() /usr/local/go/src/runtime/mfinal.go:193 +0x107 fp=0xc0000527e0 sp=0xc000052628 pc=0x418447 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000527e8 sp=0xc0000527e0 pc=0x469781 created by runtime.createfing /usr/local/go/src/runtime/mfinal.go:163 +0x45 goroutine 4 [select]: runtime.gopark(0xc000053788?, 0x3?, 0xff?, 0xff?, 0xc000053772?) 
/usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc0000535f8 sp=0xc0000535d8 pc=0x4390f6 runtime.selectgo(0xc000053788, 0xc00005376c, 0xc000159c00?, 0x0, 0x0?, 0x1) /usr/local/go/src/runtime/select.go:327 +0x7be fp=0xc000053738 sp=0xc0000535f8 pc=0x4491fe go.opencensus.io/stats/view.(*worker).start(0xc000159c00) /syzkaller/gopath/src/github.com/google/syzkaller/vendor/go.opencensus.io/stats/view/worker.go:292 +0xad fp=0xc0000537c8 sp=0xc000053738 pc=0x8ceb2d go.opencensus.io/stats/view.init.0.func1() /syzkaller/gopath/src/github.com/google/syzkaller/vendor/go.opencensus.io/stats/view/worker.go:34 +0x26 fp=0xc0000537e0 sp=0xc0000537c8 pc=0x8cdd66 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000537e8 sp=0xc0000537e0 pc=0x469781 created by go.opencensus.io/stats/view.init.0 /syzkaller/gopath/src/github.com/google/syzkaller/vendor/go.opencensus.io/stats/view/worker.go:34 +0x96 goroutine 5 [GC worker (idle)]: runtime.gopark(0xbaa2bc310e?, 0x3?, 0xa7?, 0x7b?, 0x0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000053f50 sp=0xc000053f30 pc=0x4390f6 runtime.gcBgMarkWorker() /usr/local/go/src/runtime/mgc.go:1275 +0xf1 fp=0xc000053fe0 sp=0xc000053f50 pc=0x41b171 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000053fe8 sp=0xc000053fe0 pc=0x469781 created by runtime.gcBgMarkStartWorkers /usr/local/go/src/runtime/mgc.go:1199 +0x25 goroutine 6 [GC worker (idle)]: runtime.gopark(0xbaa2bc1756?, 0x3?, 0x6f?, 0x28?, 0x0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000054750 sp=0xc000054730 pc=0x4390f6 runtime.gcBgMarkWorker() /usr/local/go/src/runtime/mgc.go:1275 +0xf1 fp=0xc0000547e0 sp=0xc000054750 pc=0x41b171 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000547e8 sp=0xc0000547e0 pc=0x469781 created by runtime.gcBgMarkStartWorkers /usr/local/go/src/runtime/mgc.go:1199 +0x25 goroutine 20 [GC worker (idle)]: runtime.gopark(0x1f81040?, 0x1?, 0x9d?, 0x36?, 0x0?) 
/usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc00004ff50 sp=0xc00004ff30 pc=0x4390f6 runtime.gcBgMarkWorker() /usr/local/go/src/runtime/mgc.go:1275 +0xf1 fp=0xc00004ffe0 sp=0xc00004ff50 pc=0x41b171 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004ffe8 sp=0xc00004ffe0 pc=0x469781 created by runtime.gcBgMarkStartWorkers /usr/local/go/src/runtime/mgc.go:1199 +0x25 goroutine 7 [chan receive, 12 minutes]: runtime.gopark(0xc000907e88?, 0xc000907ee0?, 0xb3?, 0xc4?, 0xc000907ee0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000907eb0 sp=0xc000907e90 pc=0x4390f6 runtime.chanrecv(0xc0001101e0, 0x0, 0x1) /usr/local/go/src/runtime/chan.go:583 +0x49d fp=0xc000907f40 sp=0xc000907eb0 pc=0x406f5d runtime.chanrecv1(0xc0001101e0?, 0xc000907fb0?) /usr/local/go/src/runtime/chan.go:442 +0x18 fp=0xc000907f68 sp=0xc000907f40 pc=0x406a98 github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1() /syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:78 +0x8a fp=0xc000907fe0 sp=0xc000907f68 pc=0x52ddaa runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000907fe8 sp=0xc000907fe0 pc=0x469781 created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts /syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:75 +0x56 goroutine 8 [chan receive, 12 minutes]: runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc0000506e8 sp=0xc0000506c8 pc=0x4390f6 runtime.chanrecv(0xc00007c0c0, 0x0, 0x1) /usr/local/go/src/runtime/chan.go:583 +0x49d fp=0xc000050778 sp=0xc0000506e8 pc=0x406f5d runtime.chanrecv1(0x0?, 0x0?) 
/usr/local/go/src/runtime/chan.go:442 +0x18 fp=0xc0000507a0 sp=0xc000050778 pc=0x406a98 main.main.func1() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:182 +0x1f fp=0xc0000507e0 sp=0xc0000507a0 pc=0x90cd7f runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000507e8 sp=0xc0000507e0 pc=0x469781 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:180 +0x48f goroutine 33 [select, 12 minutes, locked to thread]: runtime.gopark(0xc000903fa8?, 0x2?, 0x72?, 0x94?, 0xc000903fa4?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000903e18 sp=0xc000903df8 pc=0x4390f6 runtime.selectgo(0xc000903fa8, 0xc000903fa0, 0x0?, 0x0, 0x1?, 0x1) /usr/local/go/src/runtime/select.go:327 +0x7be fp=0xc000903f58 sp=0xc000903e18 pc=0x4491fe runtime.ensureSigM.func1() /usr/local/go/src/runtime/signal_unix.go:1000 +0x1af fp=0xc000903fe0 sp=0xc000903f58 pc=0x46138f runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000903fe8 sp=0xc000903fe0 pc=0x469781 created by runtime.ensureSigM /usr/local/go/src/runtime/signal_unix.go:983 +0xbd goroutine 49 [syscall, 12 minutes]: runtime.notetsleepg(0x0?, 0x0?) /usr/local/go/src/runtime/lock_futex.go:236 +0x34 fp=0xc000dd9fa0 sp=0xc000dd9f68 pc=0x40c554 os/signal.signal_recv() /usr/local/go/src/runtime/sigqueue.go:152 +0x2f fp=0xc000dd9fc0 sp=0xc000dd9fa0 pc=0x465d4f os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:23 +0x19 fp=0xc000dd9fe0 sp=0xc000dd9fc0 pc=0x52c8b9 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000dd9fe8 sp=0xc000dd9fe0 pc=0x469781 created by os/signal.Notify.func1.1 /usr/local/go/src/os/signal/signal.go:151 +0x2a goroutine 11 [IO wait]: runtime.gopark(0x1?, 0xb?, 0x0?, 0x0?, 0x3?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc000dcb958 sp=0xc000dcb938 pc=0x4390f6 runtime.netpollblock(0x4bc5a5?, 0x40482f?, 0x0?) 
/usr/local/go/src/runtime/netpoll.go:527 +0xf7 fp=0xc000dcb990 sp=0xc000dcb958 pc=0x431a57 internal/poll.runtime_pollWait(0x7fde53425d18, 0x72) /usr/local/go/src/runtime/netpoll.go:306 +0x89 fp=0xc000dcb9b0 sp=0xc000dcb990 pc=0x463b49 internal/poll.(*pollDesc).wait(0xc0008c5900?, 0xc0008fb000?, 0x0) /usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x32 fp=0xc000dcb9d8 sp=0xc000dcb9b0 pc=0x4d7a72 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:89 internal/poll.(*FD).Read(0xc0008c5900, {0xc0008fb000, 0x1000, 0x1000}) /usr/local/go/src/internal/poll/fd_unix.go:167 +0x299 fp=0xc000dcba70 sp=0xc000dcb9d8 pc=0x4d8e59 net.(*netFD).Read(0xc0008c5900, {0xc0008fb000?, 0xc000dcbbb8?, 0x89dd25?}) /usr/local/go/src/net/fd_posix.go:55 +0x29 fp=0xc000dcbab8 sp=0xc000dcba70 pc=0x65da69 net.(*conn).Read(0xc000daa980, {0xc0008fb000?, 0x198?, 0x4b25fa?}) /usr/local/go/src/net/net.go:183 +0x45 fp=0xc000dcbb00 sp=0xc000dcbab8 pc=0x66f5a5 net.(*TCPConn).Read(0xc000d44120?, {0xc0008fb000?, 0x9e2660?, 0xc018090ab0?}) <autogenerated>:1 +0x29 fp=0xc000dcbb30 sp=0xc000dcbb00 pc=0x67f809 bufio.(*Reader).fill(0xc00009bf80) /usr/local/go/src/bufio/bufio.go:106 +0xff fp=0xc000dcbb68 sp=0xc000dcbb30 pc=0x50c7ff bufio.(*Reader).ReadByte(0xc00009bf80) /usr/local/go/src/bufio/bufio.go:265 +0x2c fp=0xc000dcbb88 sp=0xc000dcbb68 pc=0x50cfcc compress/flate.(*decompressor).moreBits(0xc000a34000) /usr/local/go/src/compress/flate/inflate.go:696 +0x2d fp=0xc000dcbbc0 sp=0xc000dcbb88 pc=0x51888d compress/flate.(*decompressor).nextBlock(0xc000a34000) /usr/local/go/src/compress/flate/inflate.go:303 +0x2e fp=0xc000dcbbd8 sp=0xc000dcbbc0 pc=0x516c4e compress/flate.(*decompressor).Read(0xc000a34000, {0xc00093f000, 0x1000, 0xc000dcbc80?}) /usr/local/go/src/compress/flate/inflate.go:347 +0x7e fp=0xc000dcbc10 sp=0xc000dcbbd8 pc=0x516ebe github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc000d44100?, {0xc00093f000?, 0x9eda40?, 0xc018090a80?}) 
/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:136 +0x26 fp=0xc000dcbc40 sp=0xc000dcbc10 pc=0x909286 bufio.(*Reader).Read(0xc000944000, {0xc0008f8410, 0x1, 0xc000dcbd70?}) /usr/local/go/src/bufio/bufio.go:237 +0x1bb fp=0xc000dcbc78 sp=0xc000dcbc40 pc=0x50cddb io.ReadAtLeast({0xcda080, 0xc000944000}, {0xc0008f8410, 0x1, 0x9}, 0x1) /usr/local/go/src/io/io.go:332 +0x9a fp=0xc000dcbcc0 sp=0xc000dcbc78 pc=0x4b25fa io.ReadFull(...) /usr/local/go/src/io/io.go:351 encoding/gob.decodeUintReader({0xcda080?, 0xc000944000?}, {0xc0008f8410?, 0x9?, 0x9?}) /usr/local/go/src/encoding/gob/decode.go:116 +0x57 fp=0xc000dcbd18 sp=0xc000dcbcc0 pc=0x89c057 encoding/gob.(*Decoder).recvMessage(0xc0008c5980) /usr/local/go/src/encoding/gob/decoder.go:82 +0x39 fp=0xc000dcbd50 sp=0xc000dcbd18 pc=0x8a5c19 encoding/gob.(*Decoder).decodeTypeSequence(0xc0008c5980, 0x0) /usr/local/go/src/encoding/gob/decoder.go:148 +0x4f fp=0xc000dcbd80 sp=0xc000dcbd50 pc=0x8a5faf encoding/gob.(*Decoder).DecodeValue(0xc0008c5980, {0x957940?, 0xc00009cdb0?, 0x7fde534464a8?}) /usr/local/go/src/encoding/gob/decoder.go:227 +0x18f fp=0xc000dcbe00 sp=0xc000dcbd80 pc=0x8a644f encoding/gob.(*Decoder).Decode(0xc0008c5980, {0x957940?, 0xc00009cdb0?}) /usr/local/go/src/encoding/gob/decoder.go:204 +0x165 fp=0xc000dcbe58 sp=0xc000dcbe00 pc=0x8a6265 net/rpc.(*gobClientCodec).ReadResponseHeader(0x99ece0?, 0x94f280?) 
/usr/local/go/src/net/rpc/client.go:228 +0x27 fp=0xc000dcbe80 sp=0xc000dcbe58 pc=0x8bbd67 net/rpc.(*Client).input(0xc0009440c0) /usr/local/go/src/net/rpc/client.go:109 +0xb4 fp=0xc000dcbfc8 sp=0xc000dcbe80 pc=0x8baff4 net/rpc.NewClientWithCodec.func1() /usr/local/go/src/net/rpc/client.go:206 +0x26 fp=0xc000dcbfe0 sp=0xc000dcbfc8 pc=0x8bbc26 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000dcbfe8 sp=0xc000dcbfe0 pc=0x469781 created by net/rpc.NewClientWithCodec /usr/local/go/src/net/rpc/client.go:206 +0xc5 goroutine 14 [wait for GC cycle]: runtime.gopark(0x2?, 0xc0185a5300?, 0xbf?, 0x3b?, 0xcdafe0?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc01e7f94c0 sp=0xc01e7f94a0 pc=0x4390f6 runtime.goparkunlock(...) /usr/local/go/src/runtime/proc.go:387 runtime.gcWaitOnMark(0x71) /usr/local/go/src/runtime/mgc.go:504 +0x5b fp=0xc01e7f94f0 sp=0xc01e7f94c0 pc=0x41969b runtime.GC() /usr/local/go/src/runtime/mgc.go:447 +0x4e fp=0xc01e7f9528 sp=0xc01e7f94f0 pc=0x41954e runtime/debug.freeOSMemory() /usr/local/go/src/runtime/mheap.go:1656 +0x19 fp=0xc01e7f9540 sp=0xc01e7f9528 pc=0x463679 runtime/debug.FreeOSMemory(...) /usr/local/go/src/runtime/debug/garbage.go:104 main.(*Proc).executeRaw(0xc01b768040, 0x20?, 0xa54920?, 0x6) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:341 +0x15c fp=0xc01e7f9658 sp=0xc01e7f9540 pc=0x91303c main.(*Proc).execute(0xc01b768040, 0xaf7019?, 0xc01859f300?, 0xc01e7f97d8?, 0xc01e7f9818?) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x49 fp=0xc01e7f9798 sp=0xc01e7f9658 pc=0x912809 main.(*Proc).executeHintSeed.func1(0x1300?) 
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:250 +0x85 fp=0xc01e7f97f8 sp=0xc01e7f9798 pc=0x912785 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1() /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:79 +0x6d fp=0xc01e7f9828 sp=0xc01e7f97f8 pc=0x555d2d github.com/google/syzkaller/prog.checkCompressedArg(0xc01cd40ba0, 0x1?, 0xc01e7f9d18) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:179 +0x2d2 fp=0xc01e7f9910 sp=0xc01e7f9828 pc=0x5565d2 github.com/google/syzkaller/prog.generateHints(0xc017376380?, {0xce0b60, 0xc01cd40ba0}, 0xc01e7f99e0?) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:123 +0x178 fp=0xc01e7f9958 sp=0xc01e7f9910 pc=0x555ed8 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func2({0xce0b60?, 0xc01cd40ba0?}, 0x912785?) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:82 +0x34 fp=0xc01e7f9988 sp=0xc01e7f9958 pc=0x555c74 github.com/google/syzkaller/prog.foreachArgImpl({0xce0b60?, 0xc01cd40ba0?}, 0xc01ab73800, 0xc01e7f9d00) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:134 +0x139 fp=0xc01e7f9b10 sp=0xc01e7f9988 pc=0x5408d9 github.com/google/syzkaller/prog.foreachArgImpl({0xce0be0?, 0xc01cd40b70?}, 0xc01ab73800, 0xc01e7f9d00) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:168 +0x2ce fp=0xc01e7f9c98 sp=0xc01e7f9b10 pc=0x540a6e github.com/google/syzkaller/prog.ForeachArg(0xc0136ce870, 0x1?) 
/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:127 +0xde fp=0xc01e7f9cf0 sp=0xc01e7f9c98 pc=0x54073e github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0xc01b768040?, 0x0, 0xc022f6d0b0, 0xc01e7f9d80) /syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:81 +0xaa fp=0xc01e7f9d48 sp=0xc01e7f9cf0 pc=0x555bea main.(*Proc).executeHintSeed(0xc01b768040, 0xc008ecc000?, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:248 +0xd2 fp=0xc01e7f9db0 sp=0xc01e7f9d48 pc=0x9126b2 main.(*Proc).smashInput(0xc01b768040, 0xc00ea0f5f0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:214 +0x88 fp=0xc01e7f9e98 sp=0xc01e7f9db0 pc=0x912288 main.(*Proc).loop(0xc01b768040) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2 fp=0xc01e7f9fc8 sp=0xc01e7f9e98 pc=0x910a32 main.main.func2() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x26 fp=0xc01e7f9fe0 sp=0xc01e7f9fc8 pc=0x90cd26 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc01e7f9fe8 sp=0xc01e7f9fe0 pc=0x469781 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5 goroutine 15 [runnable]: runtime.Gosched(...) /usr/local/go/src/runtime/proc.go:321 runtime.GC() /usr/local/go/src/runtime/mgc.go:455 +0x67 fp=0xc00008fc38 sp=0xc00008fc00 pc=0x419567 runtime/debug.freeOSMemory() /usr/local/go/src/runtime/mheap.go:1656 +0x19 fp=0xc00008fc50 sp=0xc00008fc38 pc=0x463679 runtime/debug.FreeOSMemory(...) /usr/local/go/src/runtime/debug/garbage.go:104 main.(*Proc).executeRaw(0xc01b768080, 0x11?, 0x12?, 0x8) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:341 +0x15c fp=0xc00008fd68 sp=0xc00008fc50 pc=0x91303c main.(*Proc).executeAndCollide(0xc01b768080, 0xaaa58f?, 0xc01b734030?, 0xc011227e08?, 0xc01b768000?) 
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x72 fp=0xc00008fdb0 sp=0xc00008fd68 pc=0x912d52 main.(*Proc).smashInput(0xc01b768080, 0xc013bc4060) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x1d4 fp=0xc00008fe98 sp=0xc00008fdb0 pc=0x9123d4 main.(*Proc).loop(0xc01b768080) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2 fp=0xc00008ffc8 sp=0xc00008fe98 pc=0x910a32 main.main.func2() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x26 fp=0xc00008ffe0 sp=0xc00008ffc8 pc=0x90cd26 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00008ffe8 sp=0xc00008ffe0 pc=0x469781 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5 goroutine 16 [IO wait]: runtime.gopark(0x540ee0?, 0xb?, 0x0?, 0x0?, 0x13?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc00098d6c0 sp=0xc00098d6a0 pc=0x4390f6 runtime.netpollblock(0x4bc5a5?, 0x40482f?, 0x0?) /usr/local/go/src/runtime/netpoll.go:527 +0xf7 fp=0xc00098d6f8 sp=0xc00098d6c0 pc=0x431a57 internal/poll.runtime_pollWait(0x7fde53425958, 0x72) /usr/local/go/src/runtime/netpoll.go:306 +0x89 fp=0xc00098d718 sp=0xc00098d6f8 pc=0x463b49 internal/poll.(*pollDesc).wait(0xc00d92e900?, 0xc0188e2940?, 0x1) /usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x32 fp=0xc00098d740 sp=0xc00098d718 pc=0x4d7a72 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:89 internal/poll.(*FD).Read(0xc00d92e900, {0xc0188e2940, 0xc, 0xc}) /usr/local/go/src/internal/poll/fd_unix.go:167 +0x299 fp=0xc00098d7d8 sp=0xc00098d740 pc=0x4d8e59 os.(*File).read(...) 
/usr/local/go/src/os/file_posix.go:31 os.(*File).Read(0xc029ab4058, {0xc0188e2940?, 0xc01e755868?, 0x40de47?}) /usr/local/go/src/os/file.go:118 +0x5e fp=0xc00098d830 sp=0xc00098d7d8 pc=0x4e42be io.ReadAtLeast({0xcdd260, 0xc029ab4058}, {0xc0188e2940, 0xc, 0xc}, 0xc) /usr/local/go/src/io/io.go:332 +0x9a fp=0xc00098d878 sp=0xc00098d830 pc=0x4b25fa io.ReadFull(...) /usr/local/go/src/io/io.go:351 github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc02773e230, 0x7fde4f125000?, {0x0, 0x0, 0x0}) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:786 +0x559 fp=0xc00098da30 sp=0xc00098d878 pc=0x907e79 github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc01b617e60, 0xc01e755b38?, 0xc0183cba80) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:286 +0x24e fp=0xc00098db10 sp=0xc00098da30 pc=0x903eae main.(*Proc).executeRaw(0xc01b7680c0, 0x484b7e?, 0xc023c4bfe0?, 0x5) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:328 +0x1bc fp=0xc00098dc28 sp=0xc00098db10 pc=0x91309c main.(*Proc).execute(0xc01b7680c0, 0x11?, 0x12?, 0xc01e755e08?, 0x1?) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:255 +0x49 fp=0xc00098dd68 sp=0xc00098dc28 pc=0x912809 main.(*Proc).executeAndCollide(0xc01b7680c0, 0xaaa58f?, 0xc01b734060?, 0xc01e755e08?, 0xc01b768000?) 
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:284 +0x27 fp=0xc00098ddb0 sp=0xc00098dd68 pc=0x912d07 main.(*Proc).smashInput(0xc01b7680c0, 0xc01e3068f0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x1d4 fp=0xc00098de98 sp=0xc00098ddb0 pc=0x9123d4 main.(*Proc).loop(0xc01b7680c0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2 fp=0xc00098dfc8 sp=0xc00098de98 pc=0x910a32 main.main.func2() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x26 fp=0xc00098dfe0 sp=0xc00098dfc8 pc=0x90cd26 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00098dfe8 sp=0xc00098dfe0 pc=0x469781 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5 goroutine 65 [sync.Cond.Wait]: runtime.gopark(0xc0185bac60?, 0x12cd320?, 0x2?, 0x0?, 0x2?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc00098bba8 sp=0xc00098bb88 pc=0x4390f6 runtime.goparkunlock(...) /usr/local/go/src/runtime/proc.go:387 sync.runtime_notifyListWait(0xc000d42290, 0xede) /usr/local/go/src/runtime/sema.go:527 +0x14c fp=0xc00098bbf0 sp=0xc00098bba8 pc=0x4658ec sync.(*Cond).Wait(0xc0185d51c0?) /usr/local/go/src/sync/cond.go:70 +0x8c fp=0xc00098bc28 sp=0xc00098bbf0 pc=0x4824cc github.com/google/syzkaller/pkg/ipc.(*Gate).Enter(0xc000d423c0) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/gate.go:34 +0x3f fp=0xc00098bc50 sp=0xc00098bc28 pc=0x902d9f main.(*Proc).executeRaw(0xc01b768100, 0x11?, 0x12?, 0x8) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:322 +0x88 fp=0xc00098bd68 sp=0xc00098bc50 pc=0x912f68 main.(*Proc).executeAndCollide(0xc01b768100, 0xaaa58f?, 0xc01b734090?, 0xc01122be08?, 0xc01b768000?) 
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:292 +0x72 fp=0xc00098bdb0 sp=0xc00098bd68 pc=0x912d52 main.(*Proc).smashInput(0xc01b768100, 0xc0163cdfa0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:221 +0x1d4 fp=0xc00098be98 sp=0xc00098bdb0 pc=0x9123d4 main.(*Proc).loop(0xc01b768100) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0xf2 fp=0xc00098bfc8 sp=0xc00098be98 pc=0x910a32 main.main.func2() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x26 fp=0xc00098bfe0 sp=0xc00098bfc8 pc=0x90cd26 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00098bfe8 sp=0xc00098bfe0 pc=0x469781 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5 goroutine 3254 [IO wait, 1 minutes]: runtime.gopark(0x4488f3?, 0xb?, 0x0?, 0x0?, 0xf?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc008733de8 sp=0xc008733dc8 pc=0x4390f6 runtime.netpollblock(0x4bc5a5?, 0x40482f?, 0x0?) /usr/local/go/src/runtime/netpoll.go:527 +0xf7 fp=0xc008733e20 sp=0xc008733de8 pc=0x431a57 internal/poll.runtime_pollWait(0x7fde51fe2a00, 0x72) /usr/local/go/src/runtime/netpoll.go:306 +0x89 fp=0xc008733e40 sp=0xc008733e20 pc=0x463b49 internal/poll.(*pollDesc).wait(0xc00d92e840?, 0xc00304006a?, 0x1) /usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x32 fp=0xc008733e68 sp=0xc008733e40 pc=0x4d7a72 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:89 internal/poll.(*FD).Read(0xc00d92e840, {0xc00304006a, 0x1ff96, 0x1ff96}) /usr/local/go/src/internal/poll/fd_unix.go:167 +0x299 fp=0xc008733f00 sp=0xc008733e68 pc=0x4d8e59 os.(*File).read(...) 
/usr/local/go/src/os/file_posix.go:31 os.(*File).Read(0xc029ab4048, {0xc00304006a?, 0x3500000001?, 0x0?}) /usr/local/go/src/os/file.go:118 +0x5e fp=0xc008733f58 sp=0xc008733f00 pc=0x4e42be github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc02773e230) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:629 +0x8a fp=0xc008733fc8 sp=0xc008733f58 pc=0x906f6a github.com/google/syzkaller/pkg/ipc.makeCommand.func7() /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:644 +0x2a fp=0xc008733fe0 sp=0xc008733fc8 pc=0x906eaa runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc008733fe8 sp=0xc008733fe0 pc=0x469781 created by github.com/google/syzkaller/pkg/ipc.makeCommand /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:623 +0xa7b goroutine 14638 [select]: runtime.gopark(0xc0087327b0?, 0x2?, 0x8?, 0xa1?, 0xc00873278c?) /usr/local/go/src/runtime/proc.go:381 +0xd6 fp=0xc008732618 sp=0xc0087325f8 pc=0x4390f6 runtime.selectgo(0xc0087327b0, 0xc008732788, 0x10a9000011d1?, 0x0, 0x338000011d1?, 0x1) /usr/local/go/src/runtime/select.go:327 +0x7be fp=0xc008732758 sp=0xc008732618 pc=0x4491fe github.com/google/syzkaller/pkg/ipc.(*command).exec.func1() /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:771 +0x7d fp=0xc0087327e0 sp=0xc008732758 pc=0x90857d runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0087327e8 sp=0xc0087327e0 pc=0x469781 created by github.com/google/syzkaller/pkg/ipc.(*command).exec /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:769 +0x25b goroutine 3255 [syscall, 8 minutes]: syscall.Syscall6(0xc008739e08?, 0x4488f3?, 0x4390f6?, 0x1?, 0x0?, 0xc008739f48?, 0x4497b4?) 
/usr/local/go/src/syscall/syscall_linux.go:91 +0x36 fp=0xc008739de0 sp=0xc008739d58 pc=0x4be516 os.(*Process).blockUntilWaitable(0xc016b6c480) /usr/local/go/src/os/wait_waitid.go:32 +0x87 fp=0xc008739eb8 sp=0xc008739de0 pc=0x4ea887 os.(*Process).wait(0xc016b6c480) /usr/local/go/src/os/exec_unix.go:22 +0x28 fp=0xc008739f18 sp=0xc008739eb8 pc=0x4e3b08 os.(*Process).Wait(...) /usr/local/go/src/os/exec.go:132 os/exec.(*Cmd).Wait(0xc013f982c0) /usr/local/go/src/os/exec/exec.go:890 +0x45 fp=0xc008739f80 sp=0xc008739f18 pc=0x5283a5 github.com/google/syzkaller/pkg/ipc.makeCommand.func3(0xc02773e230) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:652 +0x32 fp=0xc008739fc8 sp=0xc008739f80 pc=0x906df2 github.com/google/syzkaller/pkg/ipc.makeCommand.func8() /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:657 +0x2a fp=0xc008739fe0 sp=0xc008739fc8 pc=0x906d8a runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc008739fe8 sp=0xc008739fe0 pc=0x469781 created by github.com/google/syzkaller/pkg/ipc.makeCommand /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:651 +0xc7c