[ 2408.1272822] ASan: Unauthorized Access In 0xffffffff80f7111c: Addr 0xffff970012faa248 [8 bytes, read, RedZone] [ 2408.1397956] #0 0xffffffff80f7111c in knote [ 2408.1523112] #1 0xffffffff8102dd1b in selnotify [ 2408.1523112] #2 0xffffffff81025f43 in pipeselwakeup [ 2408.1648281] #3 0xffffffff81026222 in pipeclose.part.0 [ 2408.1773422] #4 0xffffffff810264c2 in pipe_close 09:06:10 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) shmget(0x1, 0x3000, 0x2, &(0x7f0000ffb000/0x3000)=nil) r1 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_timeval(r0, 0xffff, 0x100b, &(0x7f0000000100)={0x1000, 0x5}, 0x10) ftruncate(r0, 0x4) semget$private(0x0, 0x2, 0x10) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x0) r2 = semget(0x1, 0x4, 0x100) semctl$SETALL(r2, 0x0, 0x9, &(0x7f0000000280)=[0x1aa]) writev(r1, &(0x7f0000000480)=[{&(0x7f0000000380)="74069ec57a9b72cb469b6f223c60e3a745eb2dae8c5426bbfa2d95539520e7671066a158bfdf48a3663e5c6d126c6a0e916fe0404bf67e031c71e8d2485dcc53e5c3adf2efb08f18b508a745165541192b0b9a0037a0ecaa5d5de7ee0d493c165935ec6d8fbca636f0046b6e9575ee408e337511cc1fbd68af5b10ed3ed69590ef87b319a9749b15897ff8c55e4445e92ce7360c0a2459eb3794441674d19d51b8a9ab86fc31e23d13b168ec52219acec3290982503c3c2190b016895f8ed56340bfa85db4d2a12d1cb22a8d52731067aae89d94335fc65eef27cf", 0xdb}], 0x1) listen(r1, 0x0) paccept(r1, &(0x7f00000002c0)=@in, &(0x7f0000000340)=0xc, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) connect$unix(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="5dfd7fbc49c2729bc7735feec47baccac193ebe700754e3bfbe703dced30aec18ae7fca655f598a8f04d62d12f6fff99150971d880c13235d4d196dea82df470d2be1ca79650a978ec280c00004daacdb42ab299b520d39bb0d3d8c9f96051a5869a81944e0591e7ba1ce68ba2482ce77b75a09155eb1a8d65fc2d7e8192d6a94cd8a16275afad7bda45ca43759bf7fff23b55629f26319e6014f1aeeea217848198c5fd9aca222b4bc32341c4e376d5c8c887c8e326c843856ea2fc173567e41b98d7e3ab02c7c2a5a8ae1989f0a150342f02f958804b008119cafb580c34cf633eb73b3626d13e9dbde724bdb37f5349bd99d63d18055bb6874c67e5ed6bee3f57d34b4b0dd17f178c"], 0x1) r3 = dup2(r1, r0) getsockopt$sock_timeval(r3, 0xffff, 0x100b, &(0x7f0000000080), &(0x7f00000000c0)=0x10) mknodat(r3, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x3) r4 = semget$private(0x0, 0x3, 0x52) semop(r4, &(0x7f0000000280), 0x0) r5 = accept(r0, 0x0, 0x0) connect(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100e91f7189591e9233614b0040e566b52aa1ebc7bc63239d7e1ad205549b2f3a8c77f8937fac77cd54c696afffd740cd2cce56133e7437f9c06bfb2e810fce3f6a2b0246b6deafd0849abef1368f9e4c124245fa02d53193740df01ace50c47eef8d1a06006e6f20c854bdbd72fa985f9159bb93f57b5517820e301a6293be6deefb35de758e6ea43db8a09ad081f51192928dad7cf6a8813f6aaa948468e96491"], 0xd) 09:06:10 executing program 3: r0 = accept(0xffffffffffffff9c, &(0x7f0000000180)=@in, &(0x7f00000001c0)=0xc) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x68, &(0x7f00000002c0)={{0x18, 0x1, 0x7c3f, 0x80}, {0x18, 0x1, 0x200, 0x2}, 0x6, [0x0, 0x624, 0xfffffffffffffff7, 0x8, 0x7ff, 0x5, 0x38c, 0x7]}, 0x3c) r1 = socket$inet6(0x18, 0x60000001, 0x1ff) r2 = dup(0xffffffffffffffff) r3 = open(&(0x7f0000000200)='./file0\x00', 0x2, 0x3) poll(&(0x7f0000000280)=[{r0, 0x80}, {r1, 0x8}, {r2}, {r3, 0x80}], 0x4, 0x7) select(0x40, &(0x7f0000000000)={0xffffffffffffff7f, 0x4, 0x5, 0x1, 0x2, 0x1, 0x0, 0x9}, &(0x7f00000000c0)={0x80000000, 0x3, 0x100, 0x4, 0x27a7, 0xd1, 0x7, 0x4}, &(0x7f0000000100)={0x1, 0x80, 0x8, 0x3, 0xb40, 0x8, 0xfffffffffffffff8, 0x80000000}, &(0x7f0000000140)={0x5, 0x2}) select(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000240)) [ 2408.1773422] #5 0xffffffff80f686b0 in closef [ 2408.1898576] #6 0xffffffff80f6c375 in fd_free [ 2408.2023746] #7 0xffffffff80f7988c in exit1 [ 2408.2023746] #8 0xffffffff80fb7604 in sigexit [ 2408.2148879] #9 0xffffffff80fb7d47 in sendsig [ 2408.2148879] #10 0xffffffff80f8b191 in lwp_userret [ 2408.2274042] #11 0xffffffff8026b493 in syscall [ 2408.2399216] ASan: Unauthorized Access In 0xffffffff80f7112c: Addr 0xffff970012faa2a8 [8 bytes, read, RedZone] 09:06:10 executing program 5: socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001140)=[{&(0x7f0000000040)=""/234, 0xea}, {&(0x7f0000000140)=""/4096, 0x1000}], 0x2) ftruncate(r0, 0x4) getpeername$unix(r0, &(0x7f0000001180)=@abs, &(0x7f00000011c0)=0x8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6698222ad651784b, 0x11, r1, 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r0) recvfrom$inet6(r2, &(0x7f0000001200)=""/75, 0x4b, 0x40, &(0x7f0000001280)={0x18, 0x0, 0xfff, 0xadf}, 0xc) linkat(r2, &(0x7f00000012c0)='./file0\x00', r2, &(0x7f0000001300)='./file0\x00', 0x400) msgget$private(0x0, 0x208) fchmodat(r2, &(0x7f0000001340)='./file0\x00', 0x4a, 0x200) r3 = shmget(0x0, 0x1000, 0x1, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_UNLOCK(r3, 0x4) shmget(0x0, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil) r4 = fcntl$dupfd(r2, 0xc, r1) recvfrom(r2, &(0x7f0000001380)=""/136, 0x88, 0x0, &(0x7f0000001440)=@in={0x2, 0x1}, 0xc) bind$inet6(r4, &(0x7f0000001480)={0x18, 0x3, 0x8, 0x6}, 0xc) close(r2) getpeername$unix(r2, &(0x7f00000014c0)=@file={0x0, ""/50}, &(0x7f0000001500)=0x34) r5 = dup2(r0, r0) getsockopt$SO_PEERCRED(r2, 0xffff, 0x11, &(0x7f0000001540), 0xc) fchdir(r2) connect$unix(r2, &(0x7f0000001580)=@file={0x0, './file0\x00'}, 0xa) accept$inet6(r4, &(0x7f00000015c0), &(0x7f0000001600)=0xc) getsockopt$SO_PEERCRED(r0, 0xffff, 0x11, &(0x7f0000001640), 0xc) getsockopt(r4, 0xffffffff, 0x4, &(0x7f0000001680)=""/65, &(0x7f0000001700)=0x41) writev(r5, &(0x7f00000017c0)=[{&(0x7f0000001740)="0ec411e474160512eb42fbb461f04ca94f4e5766a7288ddcd1704cad922e6b2ed197f4de8b81a01cd81acd88e0b2462bd745c9f11949a76e960350eab89a485797f7236d4c993cbe2b7c32143069a74094c12a", 0x53}], 0x1) readlinkat(0xffffffffffffffff, &(0x7f0000001800)='./file0\x00', &(0x7f0000001840)=""/206, 0xce) connect$unix(r4, &(0x7f0000001940)=@file={0x0, './file0\x00'}, 0xa) getpeername(r4, &(0x7f0000001980)=@un=@abs, &(0x7f00000019c0)=0x8) bind(r2, &(0x7f0000001a00)=@in6={0x18, 0x3, 0x6, 0x4}, 0xc) [ 2408.2524361] #0 0xffffffff80f7112c in knote [ 2408.2524361] #1 0xffffffff8102dd1b in selnotify [ 2408.2649660] #2 0xffffffff81025f43 in pipeselwakeup [ 2408.2649660] #3 0xffffffff81026222 in pipeclose.part.0 [ 2408.2774692] #4 0xffffffff810264c2 in pipe_close [ 2408.2899834] #5 0xffffffff80f686b0 in closef [ 2408.2899834] #6 0xffffffff80f6c375 in fd_free [ 2408.3024987] #7 0xffffffff80f7988c in exit1 [ 2408.3150181] #8 0xffffffff80fb7604 in sigexit [ 2408.3150181] #9 0xffffffff80fb7d47 in sendsig [ 2408.3275307] #10 0xffffffff80f8b191 in lwp_userret [ 2408.3275307] #11 0xffffffff8026b493 in syscall [ 2408.3400458] panic: kernel diagnostic assertion "kn->kn_fop != NULL" failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_event.c", line 1653 [ 2408.3525705] cpu1: Begin traceback... [ 2408.3650766] vpanic() at netbsd:vpanic+0x214 [ 2408.3775954] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 2408.3901096] knote() at netbsd:knote+0x117 [ 2408.4026242] selnotify() at netbsd:selnotify+0x30 [ 2408.4151411] pipeselwakeup() at netbsd:pipeselwakeup+0x47 [ 2408.4401737] pipeclose.part.0() at netbsd:pipeclose.part.0+0x8a [ 2408.4527030] pipe_close() at netbsd:pipe_close+0x2b [ 2408.4652048] closef() at netbsd:closef+0xf3 [ 2408.4777201] fd_free() at netbsd:fd_free+0x174 [ 2408.4902363] exit1() at netbsd:exit1+0x265 [ 2408.5027520] sigexit() at netbsd:sigexit+0x33c [ 2408.5152673] sendsig() at netbsd:sendsig [ 2408.5277821] lwp_userret() at netbsd:lwp_userret+0x2db [ 2408.5402995] syscall() at netbsd:syscall+0x413 [ 2408.5402995] --- syscall (number 32) --- [ 2408.5528138] 707b9fe3e02a: [ 2408.5528138] cpu1: End traceback... [ 2408.5653307] dumping to dev 4,1 (offset=0, size=0): not possible [ 2408.5653307] rebooting... SeaBIOS (version 1.8.2-20190322_093631-google) Total RAM Size = 0x00000001e0000000 = 7680 MiB CPUs found: 2 Max CPUs supported: 2 found virtio-scsi at 0:3 virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0 virtio-scsi blksize=512 sectors=4194304 = 2048 MiB drive 0x000f29c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304 Booting from Hard Disk 0... >> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from NetBSD 8.0) >> Memory: 639/3144640 k 1. Boot normally 2. Boot single user 3. Disable ACPI 4. Disable ACPI and SMP 5. Drop to boot prompt