assert failed: kn->kn_fop != NULL


syzbot

Apr 19, 2019, 2:25:06 AM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 5ece569c Implement a simple psref leak detector
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=122db967200000
dashboard link: https://syzkaller.appspot.com/bug?extid=feb1f969f6c243f97b3b

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+feb1f9...@syzkaller.appspotmail.com

[ 509.7949699] panic: kernel diagnostic assertion "kn->kn_fop != NULL" failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_event.c", line 1653
[ 509.8049881] cpu1: Begin traceback...
[ 509.8150041] vpanic() at netbsd:vpanic+0x214
[ 509.8250217] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 509.8350367] knote() at netbsd:knote+0x117
[ 509.8450532] selnotify() at netbsd:selnotify+0x30
[ 509.8550687] pipeselwakeup() at netbsd:pipeselwakeup+0x47
[ 509.8751027] pipeclose.part.0() at netbsd:pipeclose.part.0+0x8a
[ 509.8851189] pipe_close() at netbsd:pipe_close+0x2b
[ 509.8951340] closef() at netbsd:closef+0xf3
[ 509.9051505] fd_free() at netbsd:fd_free+0x174
[ 509.9151678] exit1() at netbsd:exit1+0x265
[ 509.9251867] sigexit() at netbsd:sigexit+0x33c
[ 509.9352001] sendsig() at netbsd:sendsig
[ 509.9452186] lwp_userret() at netbsd:lwp_userret+0x2db
[ 509.9552354] syscall() at netbsd:syscall+0x42d
[ 509.9552354] --- syscall (number 32) ---
[ 509.9652495] 7cd51c03e02a:
[ 509.9652495] cpu1: End traceback...

[ 509.9752653] dumping to dev 4,1 (offset=0, size=0): not possible
[ 509.9752653] rebooting...
SeaBIOS (version 1.8.2-20190322_093631-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f29c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Apr 27, 2019, 6:48:40 AM
to syzbot, syzkaller-...@googlegroups.com
Duplicate; the real bug here is that 'kn' is already freed, so 'kn_fop'
can contain garbage. KASAN doesn't see it because the timing is too
narrow.

#syz dup: ASan: Unauthorized Access in knote