NetBSD-Bugs archive
kern/60162: assert failed: kq->kq_fdp == fdp
>Number: 60162
>Category: kern
>Synopsis: assert failed: kq->kq_fdp == fdp
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 02 08:15:00 +0000 2026
>Originator: Jiaming Zhang
>Release: image: NetBSD-10.1; kernel: trunk branch, commit fcca2226d50a3222f4010b6ef59cb5a1f9aa319b
>Organization:
>Environment:
NetBSD 11.99.5 NetBSD 11.99.5 (CLOUD) #0: Wed Apr 1 18:34:06 CST 2026 root@ustb520lab-MS-7E07:/vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/arch/amd64/compile/obj/CLOUD amd64
>Description:
When fuzzing the NetBSD kernel with syzkaller and our generated syscall descriptions, we encountered an issue: assert failed: kq->kq_fdp == fdp. This issue is reproducible in a recent version of the NetBSD kernel (commit fcca2226d50a3222f4010b6ef59cb5a1f9aa319b).
The kernel console output, kernel config, and reproducers are available at: https://drive.google.com/drive/folders/1IB7-mf3RO_JgByXF5v2Jr04e9DRXpXKl?usp=sharing
The symbolized issue report is also shown below to help with analysis:
```
TITLE: assert failed: kq->kq_fdp == fdp
CORRUPTED: false ()
SUPPRESSED: false
MAINTAINERS (TO): []
MAINTAINERS (CC): []
login: [ 20.4849823] panic: kernel diagnostic assertion "kq->kq_fdp == fdp" failed: file "/vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_event.c", line 2693
[ 20.4849823] cpu0: Begin traceback...
[ 20.4849823] asan.module_ctor() at ffffffff81ebbd0e
[ 20.4948945] asan.module_ctor() at ffffffff8229fb3e
[ 20.5048909] kqueue_close() at netbsd:kqueue_close+0x306 vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_event.c:-1
[ 20.5148873] fd_unused() at netbsd:fd_unused+0x7c3 vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_descrip.c:865
[ 20.5248877] ktrace_thread() at netbsd:ktrace_thread+0xa4e vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_ktrace.c:-1
[ 20.5248877] cpu0: End traceback...
[ 20.5248877] dumping to dev 168,1 (offset=29361126, size=524159):
[ 20.5248877] dump 607 WARNING: lwp 0 (system swapper) flags 0x20020080: timecounter went backwards from (21 + 0x7492a8366c2a3338/2^64) sec to (20 + 0xa014af373b42a598/2^64) sec in netbsd:sched_lendpri+0x12fc
[ 20.5248877] WARNING: lwp 0 (system swapper): negative runtime: (-1 + 0x2c6da4733b409660/2^64) sec
[ 20.5248877] WARNING: pid 0 (system): negative runtime; monotonic clock has gone backwards
[ 20.5248877] 606 605 604 603 602 601 600 599 598 597 596 595 594 593 592 591 590 589 588 587 586 585 584 583 582 581 580 579 578 577 576 575 574 573 572 571 570 569 568 567 566
```
>How-To-Repeat:
The issue can be reproduced by running the C or syz reproducer on the kernel under a specified config.
>Fix: