assert "kd_lookup(kd->kd_unit) == NULL" failed in kcov.c (4)
0 views
Skip to first unread message
syzbot
Sep 29, 2025, 2:33:25 AMSep 29
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3abf7a093b78 Fix warning: 'snprintf' will always be trunca..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=110d8334580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=1d63f7ba102fdffd69f3
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/08dbfbba3242/disk-3abf7a09.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/457b3cfe4f58/bsd-3abf7a09.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b484d02b1524/kernel-3abf7a09.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1d63f7...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "kd_lookup(kd->kd_unit) == NULL" failed: file "/syzkaller/managers/main/kernel/sys/dev/kcov.c", line 306
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*228323 54717 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83350277) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff8338f698,ffffffff8339b747,132,ffffffff833f40b5) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,102,2000,ffff80003ca9c2c8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,102,2000,ffff80003ca9c2c8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c949478) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c949478) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd806bc76cf0,102,fffffd8007bfb7b8,ffff80003ca9c2c8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c949620,102,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177
sys_ktrace(ffff80003ca9c2c8,ffff80003c9497f0,ffff80003c949740) at sys_ktrace+0x9a sys/kern/kern_ktrace.c:551
syscall(ffff80003c9497f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9497f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x666ab512d10, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 3abf7a093b78 Fix warning: 'snprintf' will always be trunca..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=110d8334580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=1d63f7ba102fdffd69f3
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/08dbfbba3242/disk-3abf7a09.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/457b3cfe4f58/bsd-3abf7a09.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b484d02b1524/kernel-3abf7a09.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1d63f7...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "kd_lookup(kd->kd_unit) == NULL" failed: file "/syzkaller/managers/main/kernel/sys/dev/kcov.c", line 306
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*228323 54717 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83350277) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff8338f698,ffffffff8339b747,132,ffffffff833f40b5) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,102,2000,ffff80003ca9c2c8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,102,2000,ffff80003ca9c2c8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c949478) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c949478) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd806bc76cf0,102,fffffd8007bfb7b8,ffff80003ca9c2c8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c949620,102,0) at vn_open+0x6a0 sys/kern/vfs_vnops.c:177
sys_ktrace(ffff80003ca9c2c8,ffff80003c9497f0,ffff80003c949740) at sys_ktrace+0x9a sys/kern/kern_ktrace.c:551
syscall(ffff80003c9497f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9497f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x666ab512d10, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages