ASan: Unauthorized Access in knote


syzbot

Apr 7, 2019, 7:52:06 PM4/7/19
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: a10759f0 Mesa updated. And we're still a version behind so..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17ccd7cd200000
dashboard link: https://syzkaller.appspot.com/bug?extid=0c04426f290f602f05b6

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0c0442...@syzkaller.appspotmail.com

[ 2408.1272822] ASan: Unauthorized Access In 0xffffffff80f7111c: Addr
0xffff970012faa248 [8 bytes, read, RedZone]
[ 2408.1397956] #0 0xffffffff80f7111c in knote <netbsd>
[ 2408.1523112] #1 0xffffffff8102dd1b in selnotify <netbsd>
[ 2408.1523112] #2 0xffffffff81025f43 in pipeselwakeup <netbsd>
[ 2408.1648281] #3 0xffffffff81026222 in pipeclose.part.0 <netbsd>
[ 2408.1773422] #4 0xffffffff810264c2 in pipe_close <netbsd>
09:06:10 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
shmget(0x1, 0x3000, 0x2, &(0x7f0000ffb000/0x3000)=nil)
r1 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0xffff, 0x100b, &(0x7f0000000100)={0x1000,
0x5}, 0x10)
ftruncate(r0, 0x4)
semget$private(0x0, 0x2, 0x10)
bind$unix(r1,
&(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x0)
r2 = semget(0x1, 0x4, 0x100)
semctl$SETALL(r2, 0x0, 0x9, &(0x7f0000000280)=[0x1aa])
writev(r1,
&(0x7f0000000480)=[{&(0x7f0000000380)="74069ec57a9b72cb469b6f223c60e3a745eb2dae8c5426bbfa2d95539520e7671066a158bfdf48a3663e5c6d126c6a0e916fe0404bf67e031c71e8d2485dcc53e5c3adf2efb08f18b508a745165541192b0b9a0037a0ecaa5d5de7ee0d493c165935ec6d8fbca636f0046b6e9575ee408e337511cc1fbd68af5b10ed3ed69590ef87b319a9749b15897ff8c55e4445e92ce7360c0a2459eb3794441674d19d51b8a9ab86fc31e23d13b168ec52219acec3290982503c3c2190b016895f8ed56340bfa85db4d2a12d1cb22a8d52731067aae89d94335fc65eef27cf",
0xdb}], 0x1)
listen(r1, 0x0)
paccept(r1, &(0x7f00000002c0)=@in, &(0x7f0000000340)=0xc, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
connect$unix(r0,
&(0x7f0000000140)=ANY=[@ANYBLOB="5dfd7fbc49c2729bc7735feec47baccac193ebe700754e3bfbe703dced30aec18ae7fca655f598a8f04d62d12f6fff99150971d880c13235d4d196dea82df470d2be1ca79650a978ec280c00004daacdb42ab299b520d39bb0d3d8c9f96051a5869a81944e0591e7ba1ce68ba2482ce77b75a09155eb1a8d65fc2d7e8192d6a94cd8a16275afad7bda45ca43759bf7fff23b55629f26319e6014f1aeeea217848198c5fd9aca222b4bc32341c4e376d5c8c887c8e326c843856ea2fc173567e41b98d7e3ab02c7c2a5a8ae1989f0a150342f02f958804b008119cafb580c34cf633eb73b3626d13e9dbde724bdb37f5349bd99d63d18055bb6874c67e5ed6bee3f57d34b4b0dd17f178c"],
0x1)
r3 = dup2(r1, r0)
getsockopt$sock_timeval(r3, 0xffff, 0x100b, &(0x7f0000000080),
&(0x7f00000000c0)=0x10)
mknodat(r3, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x3)
r4 = semget$private(0x0, 0x3, 0x52)
semop(r4, &(0x7f0000000280), 0x0)
r5 = accept(r0, 0x0, 0x0)
connect(r5,
&(0x7f00000004c0)=ANY=[@ANYBLOB="0100e91f7189591e9233614b0040e566b52aa1ebc7bc63239d7e1ad205549b2f3a8c77f8937fac77cd54c696afffd740cd2cce56133e7437f9c06bfb2e810fce3f6a2b0246b6deafd0849abef1368f9e4c124245fa02d53193740df01ace50c47eef8d1a06006e6f20c854bdbd72fa985f9159bb93f57b5517820e301a6293be6deefb35de758e6ea43db8a09ad081f51192928dad7cf6a8813f6aaa948468e96491"],
0xd)

09:06:10 executing program 3:
r0 = accept(0xffffffffffffff9c, &(0x7f0000000180)=@in,
&(0x7f00000001c0)=0xc)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x68, &(0x7f00000002c0)={{0x18,
0x1, 0x7c3f, 0x80}, {0x18, 0x1, 0x200, 0x2}, 0x6, [0x0, 0x624,
0xfffffffffffffff7, 0x8, 0x7ff, 0x5, 0x38c, 0x7]}, 0x3c)
r1 = socket$inet6(0x18, 0x60000001, 0x1ff)
r2 = dup(0xffffffffffffffff)
r3 = open(&(0x7f0000000200)='./file0\x00', 0x2, 0x3)
poll(&(0x7f0000000280)=[{r0, 0x80}, {r1, 0x8}, {r2}, {r3, 0x80}], 0x4, 0x7)
select(0x40, &(0x7f0000000000)={0xffffffffffffff7f, 0x4, 0x5, 0x1, 0x2,
0x1, 0x0, 0x9}, &(0x7f00000000c0)={0x80000000, 0x3, 0x100, 0x4, 0x27a7,
0xd1, 0x7, 0x4}, &(0x7f0000000100)={0x1, 0x80, 0x8, 0x3, 0xb40, 0x8,
0xfffffffffffffff8, 0x80000000}, &(0x7f0000000140)={0x5, 0x2})
select(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000240))

[ 2408.1773422] #5 0xffffffff80f686b0 in closef <netbsd>
[ 2408.1898576] #6 0xffffffff80f6c375 in fd_free <netbsd>
[ 2408.2023746] #7 0xffffffff80f7988c in exit1 <netbsd>
[ 2408.2023746] #8 0xffffffff80fb7604 in sigexit <netbsd>
[ 2408.2148879] #9 0xffffffff80fb7d47 in sendsig <netbsd>
[ 2408.2148879] #10 0xffffffff80f8b191 in lwp_userret <netbsd>
[ 2408.2274042] #11 0xffffffff8026b493 in syscall <netbsd>
[ 2408.2399216] ASan: Unauthorized Access In 0xffffffff80f7112c: Addr
0xffff970012faa2a8 [8 bytes, read, RedZone]
09:06:10 executing program 5:
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff,
<r1=>0xffffffffffffffff})
readv(r1, &(0x7f0000001140)=[{&(0x7f0000000040)=""/234, 0xea},
{&(0x7f0000000140)=""/4096, 0x1000}], 0x2)
ftruncate(r0, 0x4)
getpeername$unix(r0, &(0x7f0000001180)=@abs, &(0x7f00000011c0)=0x8)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6698222ad651784b, 0x11, r1,
0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r0)
recvfrom$inet6(r2, &(0x7f0000001200)=""/75, 0x4b, 0x40,
&(0x7f0000001280)={0x18, 0x0, 0xfff, 0xadf}, 0xc)
linkat(r2, &(0x7f00000012c0)='./file0\x00', r2,
&(0x7f0000001300)='./file0\x00', 0x400)
msgget$private(0x0, 0x208)
fchmodat(r2, &(0x7f0000001340)='./file0\x00', 0x4a, 0x200)
r3 = shmget(0x0, 0x1000, 0x1, &(0x7f0000ffe000/0x1000)=nil)
shmctl$SHM_UNLOCK(r3, 0x4)
shmget(0x0, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil)
r4 = fcntl$dupfd(r2, 0xc, r1)
recvfrom(r2, &(0x7f0000001380)=""/136, 0x88, 0x0,
&(0x7f0000001440)=@in={0x2, 0x1}, 0xc)
bind$inet6(r4, &(0x7f0000001480)={0x18, 0x3, 0x8, 0x6}, 0xc)
close(r2)
getpeername$unix(r2, &(0x7f00000014c0)=@file={0x0, ""/50},
&(0x7f0000001500)=0x34)
r5 = dup2(r0, r0)
getsockopt$SO_PEERCRED(r2, 0xffff, 0x11, &(0x7f0000001540), 0xc)
fchdir(r2)
connect$unix(r2, &(0x7f0000001580)=@file={0x0, './file0\x00'}, 0xa)
accept$inet6(r4, &(0x7f00000015c0), &(0x7f0000001600)=0xc)
getsockopt$SO_PEERCRED(r0, 0xffff, 0x11, &(0x7f0000001640), 0xc)
getsockopt(r4, 0xffffffff, 0x4, &(0x7f0000001680)=""/65,
&(0x7f0000001700)=0x41)
writev(r5,
&(0x7f00000017c0)=[{&(0x7f0000001740)="0ec411e474160512eb42fbb461f04ca94f4e5766a7288ddcd1704cad922e6b2ed197f4de8b81a01cd81acd88e0b2462bd745c9f11949a76e960350eab89a485797f7236d4c993cbe2b7c32143069a74094c12a",
0x53}], 0x1)
readlinkat(0xffffffffffffffff, &(0x7f0000001800)='./file0\x00',
&(0x7f0000001840)=""/206, 0xce)
connect$unix(r4, &(0x7f0000001940)=@file={0x0, './file0\x00'}, 0xa)
getpeername(r4, &(0x7f0000001980)=@un=@abs, &(0x7f00000019c0)=0x8)
bind(r2, &(0x7f0000001a00)=@in6={0x18, 0x3, 0x6, 0x4}, 0xc)

[ 2408.2524361] #0 0xffffffff80f7112c in knote <netbsd>
[ 2408.2524361] #1 0xffffffff8102dd1b in selnotify <netbsd>
[ 2408.2649660] #2 0xffffffff81025f43 in pipeselwakeup <netbsd>
[ 2408.2649660] #3 0xffffffff81026222 in pipeclose.part.0 <netbsd>
[ 2408.2774692] #4 0xffffffff810264c2 in pipe_close <netbsd>
[ 2408.2899834] #5 0xffffffff80f686b0 in closef <netbsd>
[ 2408.2899834] #6 0xffffffff80f6c375 in fd_free <netbsd>
[ 2408.3024987] #7 0xffffffff80f7988c in exit1 <netbsd>
[ 2408.3150181] #8 0xffffffff80fb7604 in sigexit <netbsd>
[ 2408.3150181] #9 0xffffffff80fb7d47 in sendsig <netbsd>
[ 2408.3275307] #10 0xffffffff80f8b191 in lwp_userret <netbsd>
[ 2408.3275307] #11 0xffffffff8026b493 in syscall <netbsd>
[ 2408.3400458] panic: kernel diagnostic assertion "kn->kn_fop != NULL"
failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_event.c",
line 1653
[ 2408.3525705] cpu1: Begin traceback...
[ 2408.3650766] vpanic() at netbsd:vpanic+0x214
[ 2408.3775954] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 2408.3901096] knote() at netbsd:knote+0x117
[ 2408.4026242] selnotify() at netbsd:selnotify+0x30
[ 2408.4151411] pipeselwakeup() at netbsd:pipeselwakeup+0x47
[ 2408.4401737] pipeclose.part.0() at netbsd:pipeclose.part.0+0x8a
[ 2408.4527030] pipe_close() at netbsd:pipe_close+0x2b
[ 2408.4652048] closef() at netbsd:closef+0xf3
[ 2408.4777201] fd_free() at netbsd:fd_free+0x174
[ 2408.4902363] exit1() at netbsd:exit1+0x265
[ 2408.5027520] sigexit() at netbsd:sigexit+0x33c
[ 2408.5152673] sendsig() at netbsd:sendsig
[ 2408.5277821] lwp_userret() at netbsd:lwp_userret+0x2db
[ 2408.5402995] syscall() at netbsd:syscall+0x413
[ 2408.5402995] --- syscall (number 32) ---
[ 2408.5528138] 707b9fe3e02a:
[ 2408.5528138] cpu1: End traceback...

[ 2408.5653307] dumping to dev 4,1 (offset=0, size=0): not possible
[ 2408.5653307] rebooting...
SeaBIOS (version 1.8.2-20190322_093631-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f29c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Jun 25, 2019, 12:49:01 PM6/25/19
to syzbot, syzkaller-...@googlegroups.com
This seems to have been another instance of the bug related to "assert failed: mutex_owned(pipe->pipe_lock)",
which has since been fixed.

#syz invalid
