assert "rn != NULL" failed in pipex.c (3)
0 views
Skip to first unread message
syzbot
Jun 4, 2026, 7:54:32 PM (2 days ago) Jun 4
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: e098f50ba37b systat: prepare userland for upcoming buffer ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15cb5a86580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=11f4d8ec26a5afb14636
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3585eb1ceba9/disk-e098f50b.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/f67ca3625e44/bsd-e098f50b.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c5cbea78648b/kernel-e098f50b.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+11f4d8...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "rn != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/pipex.c", line 459
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
end trace frame: 0xffff80003c90da70, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "rn != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/pipex.c", line 459
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c90d500
rbx 0x1
rdx 0
rcx 0
rax 0xffff80002a77dca0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb022dcd74cd5f1aa
r11 0xd8966060c7da5182
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff82f20b05 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c90d4f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=127087 pid=98688 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80002a77dca0 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80002a77ca78,0xffff80002a77d4e8
process=0xffff8000ffff8498 user=0xffff80003c908000, vmspace=0xfffffa807e3b5a28
estcpu=0, cpticks=6, pctcpu=0.2, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
895 248382 90059 0 3 0x80 nanoslp syz-executor
895 428328 90059 0 3 0x4000080 msgwait syz-executor
895 203554 90059 0 3 0x4000080 fsleep syz-executor
93918 34821 44322 60929 2 0x10 syz-executor
93918 250439 44322 60929 2 0x4000010 syz-executor
5402 333527 94971 0 2 0 syz-executor
19982 391114 72828 0 2 0 syz-executor
19982 146681 72828 0 2 0x4000000 syz-executor
17667 519252 18770 0 2 0x1 syz-executor
17667 60707 18770 0 3 0x4000081 fsleep syz-executor
97661 155439 15308 0 2 0 syz-executor
97661 21601 15308 0 3 0x4000080 lockf syz-executor
97661 43154 15308 0 3 0x4000080 lockf syz-executor
15308 137930 70325 0 3 0x82 nanoslp syz-executor
25884 38535 70325 0 2 0x10000082 syz-executor
70603 424096 70325 0 3 0x82 nanoslp syz-executor
18770 59053 70325 0 2 0xc82 syz-executor
72828 90695 70325 0 2 0xc82 syz-executor
44322 120040 70325 0 3 0x82 nanoslp syz-executor
94971 2895 70325 0 3 0x82 nanoslp syz-executor
90059 95905 70325 0 3 0x82 nanoslp syz-executor
70325 202290 7499 0 3 0x82 kqread syz-executor
7499 364598 3171 0 3 0x10008a sigsusp ksh
3171 45772 68988 0 3 0x98 kqread sshd-session
68988 197996 99725 0 3 0x92 kqread sshd-session
59580 515956 1 0 3 0x100083 ttyin getty
99725 57215 1 0 3 0x88 kqread sshd
76419 80283 94211 73 3 0x1100090 kqread syslogd
94211 339801 1 0 3 0x100082 sbwait syslogd
24229 485713 1 0 3 0x100080 kqread resolvd
69032 150371 75544 77 2 0x100012 dhcpleased
19974 81632 75544 77 3 0x100092 kqread dhcpleased
75544 20524 1 0 3 0x80 kqread dhcpleased
19847 388632 0 0 3 0x14200 bored smr
54778 95022 0 0 2 0x14200 zerothread
99161 334166 0 0 3 0x14200 aiodoned aiodoned
56522 123154 0 0 3 0x14200 syncer update
7443 292516 0 0 3 0x14200 cleaner cleaner
85423 124413 0 0 3 0x14200 reaper reaper
96339 484681 0 0 3 0x14200 pgdaemon pagedaemon
84269 300256 0 0 3 0x14200 bored viomb
81850 313618 0 0 3 0x40014200 acpi0 acpi0
79492 105790 0 0 3 0x14200 bored softnet0
63063 213673 0 0 3 0x14200 bored systqmp
46215 499750 0 0 3 0x14200 bored systq
33972 153261 0 0 3 0x40014200 tmoslp softclock
3455 439428 0 0 3 0x40014200 idle0
1 473357 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11038 12178K 12373K 166960K 12226 0
pcb 18 14K 16K 166960K 117 0
rtable 250 8K 8K 166960K 414 0
pf 32 13K 20K 166960K 53 0
ifaddr 42 7K 7K 166960K 56 0
ifgroup 50 2K 2K 166960K 66 0
sysctl 2 1K 9K 166960K 6 0
counters 34 17K 18K 166960K 43 0
ioctlops 0 0K 4K 166960K 47 0
iov 0 0K 4K 166960K 68 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1301 82K 82K 166960K 1432 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 6 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 257 0
sigio 0 0K 0K 166960K 1 0
proc 60 59K 100K 166960K 540 0
subproc 72 4K 4K 166960K 83 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 12 0
in_multi 100 7K 7K 166960K 113 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 8 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 61 281K 281K 166960K 61 0
exec 0 0K 1K 166960K 392 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 213 142K 152K 166960K 3810 0
UVM aobj 3 2K 2K 166960K 4 0
pinsyscall 38 76K 96K 166960K 1380 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 4 0
NDP 11 0K 2K 166960K 36 0
temp 37 9102K 9108K 166960K 6340 0
kqueue 16 22K 26K 166960K 42 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 48 0 45 1 0 1 1 0 8 0
rtentry 136 124 0 13 4 0 4 4 0 8 0
unpcb 144 83 0 63 1 0 1 1 0 8 0
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpcb 736 97 0 91 7 6 1 7 0 8 0
arp 96 20 0 2 1 0 1 1 0 8 0
ipq 40 3 0 2 1 0 1 1 0 8 0
ipqe 40 7 0 6 1 0 1 1 0 8 0
inpcb 328 288 0 274 10 8 2 10 0 8 0
nd6 112 28 0 3 1 0 1 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1072 9 0 8 1 0 1 1 0 8 0
pfstscr 40 3 0 0 1 0 1 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 4 0 0 1 0 1 1 0 8 0
pfstkey 128 4 0 0 1 0 1 1 0 8 0
pfstate 384 2 0 0 1 0 1 1 0 8 0
pfrule 1360 1 0 1 1 1 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 500 0 44 29 0 29 29 0 8 0
art_table 40 501 0 44 5 0 5 5 0 8 0
art_node 32 124 0 23 1 0 1 1 0 8 0
semapl 72 4 0 0 1 0 1 1 0 8 0
shmpl 112 1 0 1 1 1 0 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1736 0 266 93 0 93 93 0 8 0
ffsino 256 1736 0 266 93 0 93 93 0 8 0
nchpl 144 2065 0 358 64 0 64 64 0 8 0
rtmask 32 1 0 0 1 0 1 1 0 8 0
vnodes 216 1863 0 0 104 0 104 104 0 8 0
namei 1024 6641 0 6641 1 0 1 1 0 8 1
kstatmem 264 37 0 14 2 0 2 2 0 8 0
scxspl 216 9024 0 9024 8 7 1 8 1 8 1
plimitpl 152 201 0 184 1 0 1 1 0 8 0
sigapl 424 540 0 497 6 1 5 6 0 8 0
knotepl 120 6475 0 6280 10 3 7 10 0 8 1
kqueuepl 184 48 0 36 1 0 1 1 0 8 0
pipepl 304 130 0 103 3 0 3 3 0 8 0
fdescpl 448 527 0 498 5 1 4 5 0 8 0
filepl 120 2405 0 2173 10 2 8 10 0 8 0
lockfpl 104 44 0 39 1 0 1 1 0 8 0
lockfspl 48 16 0 13 1 0 1 1 0 8 0
sessionpl 144 27 0 18 1 0 1 1 0 8 0
pgrppl 48 36 0 19 1 0 1 1 0 8 0
ucredpl 104 212 0 200 1 0 1 1 0 8 0
zombiepl 144 499 0 497 1 0 1 1 0 8 0
processpl 1152 540 0 497 4 0 4 4 0 8 0
procpl 664 685 0 635 5 0 5 5 0 8 0
sockpl 552 425 0 388 10 7 3 10 0 8 0
mcl64k 65536 10 0 10 1 1 0 1 0 8 0
mcl16k 16384 2 0 2 1 1 0 1 0 8 0
mcl8k 8192 4 0 4 1 1 0 1 0 8 0
mcl4k 4096 2603 0 2546 14 6 8 14 0 8 0
mcl2k 2048 216 0 215 1 0 1 1 0 8 0
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 5526 0 5358 12 0 12 12 0 8 0
bufpl 280 3399 0 102 236 0 236 236 0 8 0
anonpl 24 96459 0 93340 52 9 43 52 0 186 0
amapchunkpl 152 10876 0 10435 23 3 20 23 0 158 0
amappl16 200 1433 0 1408 15 4 11 15 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 425 0 423 1 0 1 1 0 8 0
amappl13 176 115 0 105 1 0 1 1 0 8 0
amappl12 168 767 0 739 2 0 2 2 0 8 0
amappl11 160 22 0 22 1 1 0 1 0 8 0
amappl10 152 56 0 46 1 0 1 1 0 8 0
amappl9 144 272 0 272 1 1 0 1 0 8 0
amappl8 136 99 0 96 1 0 1 1 0 8 0
amappl7 128 163 0 152 1 0 1 1 0 8 0
amappl6 120 160 0 158 1 0 1 1 0 8 0
amappl5 112 106 0 99 1 0 1 1 0 8 0
amappl4 104 261 0 246 1 0 1 1 0 8 0
amappl3 96 2012 0 1911 3 0 3 3 0 8 0
amappl2 88 533 0 477 2 0 2 2 0 8 0
amappl1 80 10567 0 10023 14 2 12 14 0 8 0
amappl 88 3083 0 2933 4 0 4 4 0 92 0
uvmvnodes 80 100 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 3 0 1 1 0 1 1 0 8 0
uaddrrnd 24 527 0 498 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 527 0 498 1 0 1 1 0 8 0
vmmpekpl 168 6112 0 6082 2 0 2 2 0 8 0
vmmpepl 168 42010 0 40263 91 6 85 91 0 357 0
vmsppl 368 526 0 498 4 1 3 4 0 8 0
rwobjpl 40 14818 0 13896 13 0 13 13 0 8 0
pdppl 4096 1060 0 996 98 32 66 80 0 8 2
pvpl 32 246659 0 236978 129 20 109 129 0 265 0
pmappl 216 526 0 498 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 369 0 53 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: e098f50ba37b systat: prepare userland for upcoming buffer ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15cb5a86580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=11f4d8ec26a5afb14636
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3585eb1ceba9/disk-e098f50b.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/f67ca3625e44/bsd-e098f50b.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c5cbea78648b/kernel-e098f50b.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+11f4d8...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "rn != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/pipex.c", line 459
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
end trace frame: 0xffff80003c90da70, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "rn != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/pipex.c", line 459
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c90d500
rbx 0x1
rdx 0
rcx 0
rax 0xffff80002a77dca0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb022dcd74cd5f1aa
r11 0xd8966060c7da5182
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff82f20b05 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c90d4f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=127087 pid=98688 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80002a77dca0 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80002a77ca78,0xffff80002a77d4e8
process=0xffff8000ffff8498 user=0xffff80003c908000, vmspace=0xfffffa807e3b5a28
estcpu=0, cpticks=6, pctcpu=0.2, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
895 248382 90059 0 3 0x80 nanoslp syz-executor
895 428328 90059 0 3 0x4000080 msgwait syz-executor
895 203554 90059 0 3 0x4000080 fsleep syz-executor
93918 34821 44322 60929 2 0x10 syz-executor
93918 250439 44322 60929 2 0x4000010 syz-executor
5402 333527 94971 0 2 0 syz-executor
19982 391114 72828 0 2 0 syz-executor
19982 146681 72828 0 2 0x4000000 syz-executor
17667 519252 18770 0 2 0x1 syz-executor
17667 60707 18770 0 3 0x4000081 fsleep syz-executor
97661 155439 15308 0 2 0 syz-executor
97661 21601 15308 0 3 0x4000080 lockf syz-executor
97661 43154 15308 0 3 0x4000080 lockf syz-executor
15308 137930 70325 0 3 0x82 nanoslp syz-executor
25884 38535 70325 0 2 0x10000082 syz-executor
70603 424096 70325 0 3 0x82 nanoslp syz-executor
18770 59053 70325 0 2 0xc82 syz-executor
72828 90695 70325 0 2 0xc82 syz-executor
44322 120040 70325 0 3 0x82 nanoslp syz-executor
94971 2895 70325 0 3 0x82 nanoslp syz-executor
90059 95905 70325 0 3 0x82 nanoslp syz-executor
70325 202290 7499 0 3 0x82 kqread syz-executor
7499 364598 3171 0 3 0x10008a sigsusp ksh
3171 45772 68988 0 3 0x98 kqread sshd-session
68988 197996 99725 0 3 0x92 kqread sshd-session
59580 515956 1 0 3 0x100083 ttyin getty
99725 57215 1 0 3 0x88 kqread sshd
76419 80283 94211 73 3 0x1100090 kqread syslogd
94211 339801 1 0 3 0x100082 sbwait syslogd
24229 485713 1 0 3 0x100080 kqread resolvd
69032 150371 75544 77 2 0x100012 dhcpleased
19974 81632 75544 77 3 0x100092 kqread dhcpleased
75544 20524 1 0 3 0x80 kqread dhcpleased
19847 388632 0 0 3 0x14200 bored smr
54778 95022 0 0 2 0x14200 zerothread
99161 334166 0 0 3 0x14200 aiodoned aiodoned
56522 123154 0 0 3 0x14200 syncer update
7443 292516 0 0 3 0x14200 cleaner cleaner
85423 124413 0 0 3 0x14200 reaper reaper
96339 484681 0 0 3 0x14200 pgdaemon pagedaemon
84269 300256 0 0 3 0x14200 bored viomb
81850 313618 0 0 3 0x40014200 acpi0 acpi0
79492 105790 0 0 3 0x14200 bored softnet0
63063 213673 0 0 3 0x14200 bored systqmp
46215 499750 0 0 3 0x14200 bored systq
33972 153261 0 0 3 0x40014200 tmoslp softclock
3455 439428 0 0 3 0x40014200 idle0
1 473357 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11038 12178K 12373K 166960K 12226 0
pcb 18 14K 16K 166960K 117 0
rtable 250 8K 8K 166960K 414 0
pf 32 13K 20K 166960K 53 0
ifaddr 42 7K 7K 166960K 56 0
ifgroup 50 2K 2K 166960K 66 0
sysctl 2 1K 9K 166960K 6 0
counters 34 17K 18K 166960K 43 0
ioctlops 0 0K 4K 166960K 47 0
iov 0 0K 4K 166960K 68 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1301 82K 82K 166960K 1432 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 6 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 257 0
sigio 0 0K 0K 166960K 1 0
proc 60 59K 100K 166960K 540 0
subproc 72 4K 4K 166960K 83 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 12 0
in_multi 100 7K 7K 166960K 113 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 8 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 61 281K 281K 166960K 61 0
exec 0 0K 1K 166960K 392 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 213 142K 152K 166960K 3810 0
UVM aobj 3 2K 2K 166960K 4 0
pinsyscall 38 76K 96K 166960K 1380 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 4 0
NDP 11 0K 2K 166960K 36 0
temp 37 9102K 9108K 166960K 6340 0
kqueue 16 22K 26K 166960K 42 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 48 0 45 1 0 1 1 0 8 0
rtentry 136 124 0 13 4 0 4 4 0 8 0
unpcb 144 83 0 63 1 0 1 1 0 8 0
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpcb 736 97 0 91 7 6 1 7 0 8 0
arp 96 20 0 2 1 0 1 1 0 8 0
ipq 40 3 0 2 1 0 1 1 0 8 0
ipqe 40 7 0 6 1 0 1 1 0 8 0
inpcb 328 288 0 274 10 8 2 10 0 8 0
nd6 112 28 0 3 1 0 1 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1072 9 0 8 1 0 1 1 0 8 0
pfstscr 40 3 0 0 1 0 1 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 4 0 0 1 0 1 1 0 8 0
pfstkey 128 4 0 0 1 0 1 1 0 8 0
pfstate 384 2 0 0 1 0 1 1 0 8 0
pfrule 1360 1 0 1 1 1 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 500 0 44 29 0 29 29 0 8 0
art_table 40 501 0 44 5 0 5 5 0 8 0
art_node 32 124 0 23 1 0 1 1 0 8 0
semapl 72 4 0 0 1 0 1 1 0 8 0
shmpl 112 1 0 1 1 1 0 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1736 0 266 93 0 93 93 0 8 0
ffsino 256 1736 0 266 93 0 93 93 0 8 0
nchpl 144 2065 0 358 64 0 64 64 0 8 0
rtmask 32 1 0 0 1 0 1 1 0 8 0
vnodes 216 1863 0 0 104 0 104 104 0 8 0
namei 1024 6641 0 6641 1 0 1 1 0 8 1
kstatmem 264 37 0 14 2 0 2 2 0 8 0
scxspl 216 9024 0 9024 8 7 1 8 1 8 1
plimitpl 152 201 0 184 1 0 1 1 0 8 0
sigapl 424 540 0 497 6 1 5 6 0 8 0
knotepl 120 6475 0 6280 10 3 7 10 0 8 1
kqueuepl 184 48 0 36 1 0 1 1 0 8 0
pipepl 304 130 0 103 3 0 3 3 0 8 0
fdescpl 448 527 0 498 5 1 4 5 0 8 0
filepl 120 2405 0 2173 10 2 8 10 0 8 0
lockfpl 104 44 0 39 1 0 1 1 0 8 0
lockfspl 48 16 0 13 1 0 1 1 0 8 0
sessionpl 144 27 0 18 1 0 1 1 0 8 0
pgrppl 48 36 0 19 1 0 1 1 0 8 0
ucredpl 104 212 0 200 1 0 1 1 0 8 0
zombiepl 144 499 0 497 1 0 1 1 0 8 0
processpl 1152 540 0 497 4 0 4 4 0 8 0
procpl 664 685 0 635 5 0 5 5 0 8 0
sockpl 552 425 0 388 10 7 3 10 0 8 0
mcl64k 65536 10 0 10 1 1 0 1 0 8 0
mcl16k 16384 2 0 2 1 1 0 1 0 8 0
mcl8k 8192 4 0 4 1 1 0 1 0 8 0
mcl4k 4096 2603 0 2546 14 6 8 14 0 8 0
mcl2k 2048 216 0 215 1 0 1 1 0 8 0
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 5526 0 5358 12 0 12 12 0 8 0
bufpl 280 3399 0 102 236 0 236 236 0 8 0
anonpl 24 96459 0 93340 52 9 43 52 0 186 0
amapchunkpl 152 10876 0 10435 23 3 20 23 0 158 0
amappl16 200 1433 0 1408 15 4 11 15 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 425 0 423 1 0 1 1 0 8 0
amappl13 176 115 0 105 1 0 1 1 0 8 0
amappl12 168 767 0 739 2 0 2 2 0 8 0
amappl11 160 22 0 22 1 1 0 1 0 8 0
amappl10 152 56 0 46 1 0 1 1 0 8 0
amappl9 144 272 0 272 1 1 0 1 0 8 0
amappl8 136 99 0 96 1 0 1 1 0 8 0
amappl7 128 163 0 152 1 0 1 1 0 8 0
amappl6 120 160 0 158 1 0 1 1 0 8 0
amappl5 112 106 0 99 1 0 1 1 0 8 0
amappl4 104 261 0 246 1 0 1 1 0 8 0
amappl3 96 2012 0 1911 3 0 3 3 0 8 0
amappl2 88 533 0 477 2 0 2 2 0 8 0
amappl1 80 10567 0 10023 14 2 12 14 0 8 0
amappl 88 3083 0 2933 4 0 4 4 0 92 0
uvmvnodes 80 100 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 3 0 1 1 0 1 1 0 8 0
uaddrrnd 24 527 0 498 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 527 0 498 1 0 1 1 0 8 0
vmmpekpl 168 6112 0 6082 2 0 2 2 0 8 0
vmmpepl 168 42010 0 40263 91 6 85 91 0 357 0
vmsppl 368 526 0 498 4 1 3 4 0 8 0
rwobjpl 40 14818 0 13896 13 0 13 13 0 8 0
pdppl 4096 1060 0 996 98 32 66 80 0 8 2
pvpl 32 246659 0 236978 129 20 109 129 0 265 0
pmappl 216 526 0 498 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 369 0 53 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8348716e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff834c301a,ffffffff8341a01f,1cb,ffffffff8347bd21) at __assert+0x29 sys/kern/subr_prf.c:-1
pipex_unlink_session_locked(ffff8000ffff69e0) at pipex_unlink_session_locked+0x429
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015e1000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(6381,1,2000,ffff80002a77dca0) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80003c90d720) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffa806174db48,1,fffffa8007ffd680,ffff80002a77dca0) at VOP_CLOSE+0x129 sys/kern/vfs_vops.c:156
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffa806d236c48,ffff80002a77dca0) at vn_closefile+0x11d sys/kern/vfs_vnops.c:621
fdrop(fffffa806d236c48,ffff80002a77dca0) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffa806d236c48,ffff80002a77dca0) at closef+0x190 sys/kern/kern_descrip.c:1265
fdfree(ffff80002a77dca0) at fdfree+0x115 sys/kern/kern_descrip.c:1196
exit1(ffff80002a77dca0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a77dca0,ffff80003c90da80,ffff80003c90d9d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c90da80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c90da80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cb0f6529630, count: -16
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages