NetBSD-Bugs archive


kern/60165: assert failed: sc->sc_base.me_evp != NULL



>Number:         60165
>Category:       kern
>Synopsis:       assert failed: sc->sc_base.me_evp != NULL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 02 08:25:00 +0000 2026
>Originator:     Jiaming Zhang
>Release:        image: NetBSD-10.1; kernel: trunk branch, commit fcca2226d50a3222f4010b6ef59cb5a1f9aa319b
>Organization:
>Environment:
NetBSD  11.99.5 NetBSD 11.99.5 (CLOUD) #0: Wed Apr  1 18:34:06 CST 2026  root@ustb520lab-MS-7E07:/vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/arch/amd64/compile/obj/CLOUD amd64
>Description:
When fuzzing the NetBSD kernel with syzkaller and our generated syscall descriptions, we encountered an issue: assert failed: sc->sc_base.me_evp != NULL. This issue is reproducible in a recent version of the NetBSD kernel (commit fcca2226d50a3222f4010b6ef59cb5a1f9aa319b).

The kernel console output, kernel config, and reproducers are available at: https://drive.google.com/drive/folders/1iyDEpOyAIO1cQuA1lcy7FBLNwtBscWW9?usp=sharing

The symbolized issue report is also shown below to help with analysis:

```
TITLE: assert failed: sc->sc_base.me_evp != NULL
CORRUPTED: false ()
SUPPRESSED: false
MAINTAINERS (TO): []
MAINTAINERS (CC): []

[  30.7189475] panic: kernel diagnostic assertion "sc->sc_base.me_evp != NULL" failed: file "/vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/dev/wscons/wsmux.c", line 592 wsmuxkqfilter: not open

[  30.7189475] cpu0: Begin traceback...
[  30.7189475] asan.module_ctor() at ffffffff81ebbd0e
[  30.7288746] asan.module_ctor() at ffffffff8229fb3e
[  30.7388752] asan.module_dtor() at ffffffff81aa755a
[  30.7388752] devsw_detach_locked() at netbsd:devsw_detach_locked+0x6551 vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/subr_devsw.c:1623
[  30.7488740] asan.module_ctor() at ffffffff81fffc3f
[  30.7588785] asan.module_ctor() at ffffffff81fe2029
[  30.7688781] kqueue1() at netbsd:kqueue1+0x1a46 filter_attach vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_event.c:572 [inline]
[  30.7688781] kqueue1() at netbsd:kqueue1+0x1a46 kqueue_register vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_event.c:2027 [inline]
[  30.7688781] kqueue1() at netbsd:kqueue1+0x1a46 vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/kern/kern_event.c:1855
[  30.7688781] asan.module_dtor() at ffffffff8162d647
[  30.7788725] asan.module_dtor() at ffffffff81e1c909
[  30.7888720] syscall() at netbsd:syscall+0x26d sy_call vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/sys/syscallvar.h:65 [inline]
[  30.7888720] syscall() at netbsd:syscall+0x26d sy_invoke vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/sys/syscallvar.h:94 [inline]
[  30.7888720] syscall() at netbsd:syscall+0x26d vol/workdir/cloud-netbsd-dev/netbsd/20260401-fcca2226/src/sys/arch/x86/x86/syscall.c:137
[  30.7888720] --- syscall (number 435 via SYS_syscall) ---
[  30.7888720] netbsd:syscall+0x26d:
[  30.7888720] cpu0: End traceback...

[  30.7888720] dumping to dev 168,1 (offset=29361126, size=524159):
[  30.7888720] dump 607 606 605 604 603 602 601 600 599 598 597 596 595 594 593 592 591 590 589 588 587 586 585 584 583 582 581 580 579 578 577 576 575 574 573 572 571 570 569 568 567 566 565 564 563 562 561 560 559 558 557 556 
```
>How-To-Repeat:
The issue can be reproduced by running the C or syz reproducer on the kernel under the specified config.
>Fix:



