syzbot


assert "ifp != NULL" failed in rtsock.c

Status: auto-closed as invalid on 2020/02/14 21:22
Reported-by: syzbot+242289dc465c1c392a28@syzkaller.appspotmail.com
First crash: 1660d ago, last: 1658d ago
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | assert "ifp != NULL" failed in rtsock.c (2) | | | | 26 | 1452d | 1455d | 0/3 | auto-closed as invalid on 2020/08/09 19:27 |

Sample crash report:
panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 928
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*376105  17816      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e9a97,ffffffff821a6bee,3a0,ffffffff821726e0) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b95800,ffff8000189a4e60,ffff8000189a4db8,1b,5) at rtm_output+0xba9 sys/net/rtsock.c:1109
route_output(fffffd802ec30500,fffffd80294e3498,0,0) at route_output+0x609 sys/net/rtsock.c:819
route_usrreq(fffffd80294e3498,9,fffffd802ec30500,0,0,ffff80001491a9f8) at route_usrreq+0x363 sys/net/rtsock.c:275
sosend(fffffd80294e3498,0,ffff8000189a5040,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524
sendit(ffff80001491a9f8,3,ffff8000189a5120,0,ffff8000189a5200) at sendit+0x52b sys/kern/uipc_syscalls.c:662
sys_sendto(ffff80001491a9f8,ffff8000189a51b8,ffff8000189a5200) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff8000189a5280) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe00c9fa4f60, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 928
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e9a97,ffffffff821a6bee,3a0,ffffffff821726e0) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b95800,ffff8000189a4e60,ffff8000189a4db8,1b,5) at rtm_output+0xba9 sys/net/rtsock.c:1109
route_output(fffffd802ec30500,fffffd80294e3498,0,0) at route_output+0x609 sys/net/rtsock.c:819
route_usrreq(fffffd80294e3498,9,fffffd802ec30500,0,0,ffff80001491a9f8) at route_usrreq+0x363 sys/net/rtsock.c:275
sosend(fffffd80294e3498,0,ffff8000189a5040,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524
sendit(ffff80001491a9f8,3,ffff8000189a5120,0,ffff8000189a5200) at sendit+0x52b sys/kern/uipc_syscalls.c:662
sys_sendto(ffff80001491a9f8,ffff8000189a51b8,ffff8000189a5200) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527
syscall(ffff8000189a5280) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe00c9fa4f60, count: -11
ddb> show registers
rdi               0xffffffff811e7a37    db_enter+0x17
rsi                           0x3ec5    __ALIGN_SIZE+0x2ec5
rbp               0xffff8000189a4c30
rbx               0xffff8000189a4ce0
rdx                           0x3ec6    __ALIGN_SIZE+0x2ec6
rcx               0xffff80001571c000
rax               0xffff80001571c000
r8                0xffff8000189a4bf0
r9                               0x1
r10               0xffff800000b02f00
r11                0x58bddd01d764970
r12                     0x3000000008
r13               0xffff8000189a4c40
r14                            0x100
r15                              0x1
rip               0xffffffff811e7a38    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff8000189a4c20
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=376105 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=62, usrpri=62, nice=20
    forw=0xffffffffffffffff, list=0xffff80001491a018,0xffffffff82591710
    process=0xffff8000148a26d8 user=0xffff8000189a0000, vmspace=0xfffffd803f011ee0
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 17816   86530  59167      0  3        0x80  fsleep        syz-executor.0
*17816  376105  59167      0  7   0x4000000                syz-executor.0
 62392  256052  32577      0  3        0x80  fsleep        syz-executor.1
 62392  506481  32577      0  3   0x4000080  poll          syz-executor.1
 32577  287045  69388      0  3        0x82  nanosleep     syz-executor.1
 59167  142808  69388      0  3        0x82  nanosleep     syz-executor.0
 63388  271243      0      0  3     0x14200  acct          acct
 67441  319332      1      0  3    0x100083  ttyin         getty
 99967  102104      0      0  3     0x14200  bored         sosplice
 69388   64692   3214      0  3        0x82  thrsleep      syz-fuzzer
 69388   69730   3214      0  2   0x4000482                syz-fuzzer
 69388  341790   3214      0  3   0x4000082  thrsleep      syz-fuzzer
 69388  267824   3214      0  3   0x4000082  thrsleep      syz-fuzzer
 69388  170796   3214      0  3   0x4000082  thrsleep      syz-fuzzer
 69388  349414   3214      0  3   0x4000082  thrsleep      syz-fuzzer
 69388  212533   3214      0  3   0x4000082  thrsleep      syz-fuzzer
 69388   62191   3214      0  3   0x4000082  kqread        syz-fuzzer
 69388  509735   3214      0  3   0x4000082  thrsleep      syz-fuzzer
  3214  476029  69100      0  3    0x10008a  pause         ksh
 69100   88907     86      0  3        0x92  select        sshd
    86  238714      1      0  3        0x80  select        sshd
 55837  178156  31462     73  3    0x100090  kqread        syslogd
 31462  191701      1      0  3    0x100082  netio         syslogd
 59042  278517      1     77  3    0x100090  poll          dhclient
 23470    4731      1      0  3        0x80  poll          dhclient
 58409  369440      0      0  2     0x14200                zerothread
 79257   21872      0      0  3     0x14200  aiodoned      aiodoned
  4287  366242      0      0  3     0x14200  syncer        update
 64231  441984      0      0  3     0x14200  cleaner       cleaner
 23734  434933      0      0  3     0x14200  reaper        reaper
 35693  184866      0      0  3     0x14200  pgdaemon      pagedaemon
 51545  128071      0      0  3     0x14200  bored         crynlk
  5831  143501      0      0  3     0x14200  bored         crypto
  7882   78045      0      0  3  0x40014200  acpi0         acpi0
 13215   38199      0      0  3     0x14200  bored         softnet
 41945  220046      0      0  3     0x14200  bored         systqmp
 39966   15853      0      0  3     0x14200  bored         systq
 25649  151834      0      0  3  0x40014200  bored         softclock
 34754  114330      0      0  3  0x40014200                idle0
 77524  245189      0      0  3     0x14200  bored         smr
     1  273463      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9593   6536K    9220K  78643K     41333        0        0
            pcb    13     10K      12K  78643K      1290        0        0
         rtable   135      7K       7K  78643K      3393        0        0
         ifaddr   283     34K      35K  78643K      1163        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K       347        0        0
            iov     0      0K      32K  78643K      1230        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1231     77K      78K  78643K     11356        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        90        0        0
         VM map    32      8K       8K  78643K        61        0        0
            sem    12      1K       1K  78643K      1175        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1794    195K     288K  78643K     12646        0        0
      file desc     6     17K      25K  78643K      5498        0        0
          sigio     0      0K       0K  78643K       111        0        0
           proc    50     38K      63K  78643K      2396        0        0
        subproc    32      2K       2K  78643K       697        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       595        0        0
       in_multi   318     16K      16K  78643K       974        0        0
    ether_multi     1      0K       0K  78643K        48        0        0
            mrt     0      0K       0K  78643K        54        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys   132    583K     583K  78643K       132        0        0
           exec     0      0K       1K  78643K      1312        0        0
     pfkey data     0      0K       4K  78643K         8        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   191    252K     257K  78643K     15190        0        0
       UVM aobj   130      6K       6K  78643K       136        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K      1241        0        0
            NDP    21      0K       1K  78643K       284        0        0
           temp   170   3536K    4175K  78643K    162765        0        0
         kqueue     0      0K       0K  78643K        93        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64      131    0      122     1     0     1     1     0     8    0
rtpcb       80     4713    0     4710     1     0     1     1     0     8    0
rtentry    112      665    0      614     2     0     2     2     0     8    0
unpcb      120     4463    0     4449     6     5     1     2     0     8    0
syncache   264       41    0       41    15    15     0     1     0     8    0
tcpqe       32      107    0      107    10    10     0     1     0     8    0
tcpcb      544     2857    0     2853    47    46     1    15     0     8    0
ipq         40       79    0       79    18    18     0     1     0     8    0
ipqe        40     2786    0     2786    18    18     0     1     0     8    0
inpcb      280     8932    0     8925    44    42     2     9     0     8    1
rttmr       72       17    0       16     4     3     1     1     0     8    0
ip6q        72        6    0        6     4     4     0     1     0     8    0
ip6af       40       15    0       15     3     3     0     1     0     8    0
nd6         48      105    0      101     3     2     1     1     0     8    0
pkpcb       40       50    0       50    16    16     0     1     0     8    0
ppxss      1128      83    0       83    19    18     1     1     0     8    1
art_heap8  4096       3    0        0     3     0     3     3     0     8    0
art_heap4  256     3043    0     2743    51    32    19    21     0     8    0
art_table   32     3046    0     2743     4     1     3     3     0     8    0
art_node    16      659    0      612     1     0     1     1     0     8    0
sysvmsgpl   40       47    0       33     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112     1173    0     1163     1     0     1     1     0     8    0
shmpl      112      134    0        6     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     9754    0     8356    46     0    46    46     0     8    0
ffsino     240     9754    0     8356    83     0    83    83     0     8    0
nchpl      144    17716    0    17255    60    40    20    60     0     8    0
uvmvnodes   72     7614    0        0   139     0   139   139     0     8    0
vnodes     208     7614    0        0   401     0   401   401     0     8    0
namei      1024   70842    0    70842     4     3     1     1     0     8    1
vcpupl     1984      31    0        1     4     0     4     4     0     8    0
vmpool     520       59    0       29     4     2     2     3     0     8    0
scsiplug    64        7    0        7     6     6     0     1     0     8    0
scxspl     192    64655    0    64655    28    27     1     7     0     8    1
plimitpl   152      549    0      542     1     0     1     1     0     8    0
sigapl     432     5552    0     5538     2     0     2     2     0     8    0
futexpl     56   204635    0   204633     4     3     1     1     0     8    0
knotepl    112     3791    0     3772    10     9     1     3     0     8    0
kqueuepl   104     6157    0     6154    10     9     1     4     0     8    0
pipepl     128     3822    0     3803    21    19     2     2     0     8    1
fdescpl    424     5553    0     5538     2     0     2     2     0     8    0
filepl     120    63827    0    63728    52    48     4    11     0     8    0
lockfpl    104     2017    0     2016     1     0     1     1     0     8    0
lockfspl    48      642    0      641     1     0     1     1     0     8    0
sessionpl  112       57    0       47     1     0     1     1     0     8    0
pgrppl      48      137    0      127     1     0     1     1     0     8    0
ucredpl     96     7568    0     7560     1     0     1     1     0     8    0
zombiepl   144     5542    0     5542     1     0     1     1     0     8    1
processpl  864     5573    0     5542     4     0     4     4     0     8    0
procpl     632    12416    0    12375     7     3     4     5     0     8    0
sosppl     128      117    0      117    25    24     1     1     0     8    1
sockpl     384    18352    0    18328    82    78     4    14     0     8    0
mcl64k     65536   1166    0     1166    88    69    19    65     0     8   19
mcl16k     16384     97    0       97    26    25     1     1     0     8    1
mcl12k     12288    201    0      201    17    17     0     1     0     8    0
mcl9k      9216      82    0       82    28    27     1     1     0     8    1
mcl8k      8192     367    0      367    12    12     0     1     0     8    0
mcl4k      4096     772    0      772    12    11     1     1     0     8    1
mcl2k2     2112      65    0       65    28    28     0     1     0     8    0
mcl2k      2048   82951    0    82907    24    17     7    13     0     8    1
mtagpl      80      317    0      317     7     6     1     2     0     8    1
mbufpl     256   201770    0   201643   346   329    17    45     0     8    4
bufpl      256    27307    0    19688   477     0   477   477     0     8    0
anonpl      16   733659    0   714997   296   198    98   142     0    62    0
amapchunkpl 152   32963    0    32800   158   150     8    41     0   158    0
amappl16   192    33038    0    31726   263   196    67    78     0     8    0
amappl15   184     1126    0     1123     4     3     1     1     0     8    0
amappl14   176     1146    0     1140     1     0     1     1     0     8    0
amappl13   168      392    0      390     1     0     1     1     0     8    0
amappl12   160      302    0      300     1     0     1     1     0     8    0
amappl11   152      591    0      580     1     0     1     1     0     8    0
amappl10   144      973    0      971     4     3     1     1     0     8    0
amappl9    136     1789    0     1786     1     0     1     1     0     8    0
amappl8    128     1350    0     1292     2     0     2     2     0     8    0
amappl7    120     1176    0     1167     1     0     1     1     0     8    0
amappl6    112      501    0      483     1     0     1     1     0     8    0
amappl5    104      816    0      806     1     0     1     1     0     8    0
amappl4     96     5829    0     5795     1     0     1     1     0     8    0
amappl3     88     1390    0     1379     1     0     1     1     0     8    0
amappl2     80    42052    0    41971     3     1     2     3     0     8    0
amappl1     72   114741    0   114306    26    16    10    20     0     8    0
amappl      80    13341    0    13279     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64      135    0        6     3     0     3     3     0     8    0
uaddrrnd    24     5612    0     5538     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     5612    0     5538     1     0     1     1     0     8    0
vmmpekpl   168    37632    0    37599     2     0     2     2     0     8    0
vmmpepl    168   697980    0   695320   535   372   163   171     0   357   41
vmsppl     272     5552    0     5538     9     8     1     2     0     8    0
pdppl      4096   11230    0    11164    13     4     9     9     0     8    0
pvpl        32  1876066    0  1855384   701   490   211   408     0   265    0
pmappl     200     5611    0     5567     3     0     3     3     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112     1200    0      558    21     1    20    21     0     8    0

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/16 21:21 openbsd b78dbe0757a3 d5696d51 .config console log report ci-openbsd-main
2019/11/15 03:49 openbsd 3d133dcfcb5d a24fe792 .config console log report ci-openbsd-main