

assert "ifp != NULL" failed in rtsock.c (2)

Status: auto-closed as invalid on 2020/08/09 19:27
Reported-by: syzbot+6e3f18d0e73c3612e74c@syzkaller.appspotmail.com
First crash: 1418d ago, last: 1415d ago
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "ifp != NULL" failed in rtsock.c 2 1622d 1623d 0/3 auto-closed as invalid on 2020/02/14 21:22

Sample crash report:
panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 939
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*384865  38948      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823c4058) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8242be75,ffffffff823d9a93,3ab,ffffffff823983a3) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b23800,ffff8000207cfbc0,ffff8000207cfb18,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120
route_output(fffffd806bc22500,fffffd8068c35960,0,0) at route_output+0x678 sys/net/rtsock.c:832
route_usrreq(fffffd8068c35960,9,fffffd806bc22500,0,0,ffff80001d6c1eb8) at route_usrreq+0x36f sys/net/rtsock.c:275
sosend(fffffd8068c35960,0,ffff8000207cfdb0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d6c1eb8,3,ffff8000207cfe90,0,ffff8000207cff70) at sendit+0x52b sys/kern/uipc_syscalls.c:652
sys_sendto(ffff80001d6c1eb8,ffff8000207cff28,ffff8000207cff70) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517
syscall(ffff8000207cfff0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebf34425a0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 939
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823c4058) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8242be75,ffffffff823d9a93,3ab,ffffffff823983a3) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b23800,ffff8000207cfbc0,ffff8000207cfb18,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120
route_output(fffffd806bc22500,fffffd8068c35960,0,0) at route_output+0x678 sys/net/rtsock.c:832
route_usrreq(fffffd8068c35960,9,fffffd806bc22500,0,0,ffff80001d6c1eb8) at route_usrreq+0x36f sys/net/rtsock.c:275
sosend(fffffd8068c35960,0,ffff8000207cfdb0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d6c1eb8,3,ffff8000207cfe90,0,ffff8000207cff70) at sendit+0x52b sys/kern/uipc_syscalls.c:652
sys_sendto(ffff80001d6c1eb8,ffff8000207cff28,ffff8000207cff70) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517
syscall(ffff8000207cfff0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebf34425a0, count: -11
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff8000207cf990
rbx               0xffff8000207cfa40
rdx                              0x2
rcx                                0
rax                              0x1
r8                0xffffffff81c35ebf    kprintf+0x15f
r9                               0x1
r10                              0x2
r11               0x885454dea2d87067
r12                     0x3000000008
r13               0xffff8000207cf9a0
r14                            0x100
r15                              0x1
rip               0xffffffff815297e8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff8000207cf980
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=384865 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d6c1768,0xffffffff8280e640
    process=0xffff8000ffffb938 user=0xffff8000207cb000, vmspace=0xfffffd8066815330
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 38948  425209  71260      0  2           0                syz-executor.0
*38948  384865  71260      0  7   0x4000000                syz-executor.0
 42698   66933      0      0  3     0x14200  acct          acct
 71260   54596  79580      0  3        0x82  nanosleep     syz-executor.0
 85781  192476      0      0  3     0x14200  bored         sosplice
 23284  386573  79580      0  2         0x2                syz-executor.1
 79580  364249  63480      0  3        0x82  thrsleep      syz-fuzzer
 79580  398329  63480      0  3   0x4000082  nanosleep     syz-fuzzer
 79580  332125  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 79580   56154  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 79580   38192  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 79580  144484  63480      0  3   0x4000082  kqread        syz-fuzzer
 79580  306951  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 79580  315209  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 79580  383183  63480      0  3   0x4000082  thrsleep      syz-fuzzer
 63480  167977  18461      0  3    0x10008a  pause         ksh
 18461  405449  39971      0  3        0x92  select        sshd
 81063   36018      1      0  3    0x100083  ttyin         getty
 39971  471295      1      0  3        0x80  select        sshd
 15599  114526  21283     73  3    0x100090  kqread        syslogd
 21283  312594      1      0  3    0x100082  netio         syslogd
 42245  339986      1     77  3    0x100090  poll          dhclient
 14841   90062      1      0  3        0x80  poll          dhclient
 35826  356470      0      0  3     0x14200  bored         smr
 27683  448613      0      0  2     0x14200                zerothread
 76080   16889      0      0  3     0x14200  aiodoned      aiodoned
 47400  501235      0      0  3     0x14200  syncer        update
 53728  230721      0      0  3     0x14200  cleaner       cleaner
 79574   70188      0      0  3     0x14200  reaper        reaper
  9978  139142      0      0  3     0x14200  pgdaemon      pagedaemon
 92234  243930      0      0  3     0x14200  bored         crynlk
 37678  368499      0      0  3     0x14200  bored         crypto
 14658  500056      0      0  3  0x40014200  acpi0         acpi0
 78363  458269      0      0  3     0x14200  bored         softnet
 51072   94797      0      0  3     0x14200  bored         systqmp
 37104  485293      0      0  3     0x14200  bored         systq
 50134  268923      0      0  2  0x40014200                softclock
 53254  266996      0      0  3  0x40014200                idle0
     1  443642      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9508   6353K    6843K  78643K     11397        0
            pcb    13      8K       8K  78643K       113        0
         rtable   114      4K       7K  78643K       628        0
         ifaddr    77     15K      16K  78643K       241        0
       counters    21     16K      16K  78643K        34        0
       ioctlops     0      0K       4K  78643K        96        0
            iov     0      0K      16K  78643K       308        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1216     76K      77K  78643K      1510        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         9        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K       127        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1809    195K     288K  78643K     12938        0
      file desc     5     13K      25K  78643K       500        0
          sigio     0      0K       0K  78643K         4        0
           proc    50     38K      63K  78643K       469        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       173        0
       in_multi    77      4K       4K  78643K       144        0
    ether_multi     1      0K       0K  78643K        16        0
            mrt     0      0K       0K  78643K        10        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    67    307K     307K  78643K        67        0
           exec     0      0K       1K  78643K       258        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   125     87K      87K  78643K      2030        0
       UVM aobj    20      2K       2K  78643K        26        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       112        0
            NDP    12      0K       0K  78643K        32        0
           temp   119   3851K    3915K  78643K      8391        0
         kqueue     3      4K      10K  78643K        29        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        9    0        2     1     0     1     1     0     8    0
rtpcb       80       46    0       43     1     0     1     1     0     8    0
rtentry    112       67    0       21     2     0     2     2     0     8    0
unpcb      120      191    0      183     1     0     1     1     0     8    0
syncache   264       10    0       10     4     3     1     1     0     8    1
tcpqe       32       38    0       38     1     1     0     1     0     8    0
tcpcb      544      448    0      443     2     1     1     2     0     8    0
ipq         40        2    0        2     1     1     0     1     0     8    0
ipqe        40        4    0        4     1     1     0     1     0     8    0
inpcb      280      902    0      893     5     3     2     2     0     8    1
rttmr       72        3    0        3     2     1     1     1     0     8    1
nd6         48       11    0        5     1     0     1     1     0     8    0
pfstscr     40        4    0        2     1     0     1     1     0     8    0
pfosfp      40        1    0        0     1     0     1     1     0     8    0
pfosfpen   112        1    0        0     1     0     1     1     0     8    0
pfrktable  1344     128    0      128     3     2     1     1     0     8    1
pftag       88       26    0       26     3     2     1     1     0     8    1
pfstitem    24        2    0        0     1     0     1     1     0     8    0
pfstkey    112        4    0        2     1     0     1     1     0     8    0
pfstate    328        2    0        1     1     0     1     1     0     8    0
pfrule     1360      22    0       22     4     3     1     1     0     8    1
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      282    0       83    14     1    13    13     0     8    0
art_table   32      284    0       83     2     0     2     2     0     8    0
art_node    16       66    0       24     1     0     1     1     0     8    0
sysvmsgpl   40       19    0       15     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      119    0      109     1     0     1     1     0     8    0
shmpl      112       24    0        6     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     2194    0      797    88     0    88    88     0     8    0
ffsino     240     2194    0      797    83     0    83    83     0     8    0
nchpl      144     3150    0     1569    60     0    60    60     0     8    0
uvmvnodes   72     2431    0        0    45     0    45    45     0     8    0
vnodes     208     2431    0        0   128     0   128   128     0     8    0
namei      1024    8812    0     8812     3     2     1     1     0     8    1
vcpupl     1984       8    0        0     1     0     1     1     0     8    0
vmpool     528       14    0        6     1     0     1     1     0     8    0
pfiaddrpl  120       38    0       38     3     2     1     1     0     8    1
scxspl     192     9579    0     9579     1     0     1     1     0     8    1
plimitpl   152       53    0       46     1     0     1     1     0     8    0
sigapl     424      685    0      655     4     0     4     4     0     8    0
futexpl     56    10738    0    10738     3     2     1     1     0     8    1
knotepl    112      120    0      101     1     0     1     1     0     8    0
kqueuepl   144       86    0       82     1     0     1     1     0     8    0
pipelkpl    16      142    0      132     1     0     1     1     0     8    0
pipepl     120      284    0      265     1     0     1     1     0     8    0
fdescpl    432      669    0      655     2     0     2     2     0     8    0
filepl     120     4383    0     4286     4     0     4     4     0     8    1
lockfpl    104      158    0      157     1     0     1     1     0     8    0
lockfspl    48       52    0       51     1     0     1     1     0     8    0
sessionpl  112       18    0        8     1     0     1     1     0     8    0
pgrppl      48       30    0       20     1     0     1     1     0     8    0
ucredpl     96      472    0      465     1     0     1     1     0     8    0
zombiepl   144      655    0      655     1     0     1     1     0     8    1
processpl  920      685    0      655     4     0     4     4     0     8    0
procpl     624     1269    0     1230     4     0     4     4     0     8    0
sosppl     128       12    0       12     3     2     1     1     0     8    1
sockpl     400     1139    0     1121     4     1     3     3     0     8    1
mcl64k     65536     49    0       47     2     1     1     1     0     8    0
mcl16k     16384      8    0        8     3     3     0     1     0     8    0
mcl12k     12288     16    0       16     3     2     1     1     0     8    1
mcl9k      9216      10    0       10     2     2     0     1     0     8    0
mcl8k      8192      18    0       18     3     2     1     1     0     8    1
mcl4k      4096      37    0       37     4     3     1     1     0     8    1
mcl2k2     2112       4    0        4     2     1     1     1     0     8    1
mcl2k      2048   77101    0    77051    21    14     7    17     0     8    0
mtagpl      80       65    0       32     2     1     1     1     0     8    0
mbufpl     256   125350    0   124990    27     3    24    24     0     8    0
bufpl      280     4747    0      132   330     0   330   330     0     8    0
anonpl      16    87337    0    71306    96    27    69    80     0   107    2
amapchunkpl 152    3686    0     3541    26    12    14    20     0   158    8
amappl16   192     3704    0     2776    71    23    48    59     0     8    1
amappl15   184      111    0      110     1     0     1     1     0     8    0
amappl14   176      253    0      249     1     0     1     1     0     8    0
amappl13   168       34    0       31     1     0     1     1     0     8    0
amappl12   160        6    0        4     1     0     1     1     0     8    0
amappl11   152       52    0       43     1     0     1     1     0     8    0
amappl10   144        8    0        6     1     0     1     1     0     8    0
amappl9    136      382    0      378     1     0     1     1     0     8    0
amappl8    128      327    0      304     1     0     1     1     0     8    0
amappl7    120      121    0      107     1     0     1     1     0     8    0
amappl6    112       23    0       19     1     0     1     1     0     8    0
amappl5    104      603    0      592     1     0     1     1     0     8    0
amappl4     96      447    0      419     1     0     1     1     0     8    0
amappl3     88      354    0      348     1     0     1     1     0     8    0
amappl2     80     4538    0     4473     2     0     2     2     0     8    0
amappl1     72    21301    0    20894    24    15     9    17     0     8    0
amappl      80     1517    0     1471     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       25    0        6     1     0     1     1     0     8    0
uaddrrnd    24      683    0      661     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      683    0      661     1     0     1     1     0     8    0
vmmpekpl   168     8244    0     8213     2     0     2     2     0     8    0
vmmpepl    168    85975    0    83985   144    44   100   120     0   357   11
vmsppl     272      682    0      661     4     2     2     2     0     8    0
pdppl      4096    1372    0     1330     7     1     6     6     0     8    0
pvpl        32   246030    0   227005   215    33   182   193     0   265   20
pmappl     200      682    0      661     3     1     2     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      280    0       39     7     0     7     7     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823c4058) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8242be75,ffffffff823d9a93,3ab,ffffffff823983a3) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b23800,ffff8000207cfbc0,ffff8000207cfb18,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120
route_output(fffffd806bc22500,fffffd8068c35960,0,0) at route_output+0x678 sys/net/rtsock.c:832
route_usrreq(fffffd8068c35960,9,fffffd806bc22500,0,0,ffff80001d6c1eb8) at route_usrreq+0x36f sys/net/rtsock.c:275
sosend(fffffd8068c35960,0,ffff8000207cfdb0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d6c1eb8,3,ffff8000207cfe90,0,ffff8000207cff70) at sendit+0x52b sys/kern/uipc_syscalls.c:652
sys_sendto(ffff80001d6c1eb8,ffff8000207cff28,ffff8000207cff70) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517
syscall(ffff8000207cfff0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebf34425a0, count: -11
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff823c4058) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8242be75,ffffffff823d9a93,3ab,ffffffff823983a3) at __assert+0x2b sys/kern/subr_prf.c:154
rtm_output(ffff800000b23800,ffff8000207cfbc0,ffff8000207cfb18,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120
route_output(fffffd806bc22500,fffffd8068c35960,0,0) at route_output+0x678 sys/net/rtsock.c:832
route_usrreq(fffffd8068c35960,9,fffffd806bc22500,0,0,ffff80001d6c1eb8) at route_usrreq+0x36f sys/net/rtsock.c:275
sosend(fffffd8068c35960,0,ffff8000207cfdb0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
sendit(ffff80001d6c1eb8,3,ffff8000207cfe90,0,ffff8000207cff70) at sendit+0x52b sys/kern/uipc_syscalls.c:652
sys_sendto(ffff80001d6c1eb8,ffff8000207cff28,ffff8000207cff70) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517
syscall(ffff8000207cfff0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcebf34425a0, count: -11

Crashes (26):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/06/10 19:26 openbsd 580f643cb4ef a6f7998d .config console log report ci-openbsd-main
2020/06/10 18:49 openbsd 580f643cb4ef a6f7998d .config console log report ci-openbsd-main
2020/06/10 17:41 openbsd 580f643cb4ef a6f7998d .config console log report ci-openbsd-main
2020/06/10 09:42 openbsd f42e19bebb12 860c4de9 .config console log report ci-openbsd-main
2020/06/10 09:28 openbsd f42e19bebb12 860c4de9 .config console log report ci-openbsd-main
2020/06/10 05:58 openbsd f42e19bebb12 860c4de9 .config console log report ci-openbsd-main
2020/06/09 23:48 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 22:47 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 20:36 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 20:15 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 20:00 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 18:12 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 13:05 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 12:46 openbsd c0b83f5f3afe 092934c1 .config console log report ci-openbsd-main
2020/06/09 09:55 openbsd 324b9c791e90 0d60b78a .config console log report ci-openbsd-main
2020/06/09 08:06 openbsd 324b9c791e90 0d60b78a .config console log report ci-openbsd-main
2020/06/09 05:13 openbsd 324b9c791e90 0d60b78a .config console log report ci-openbsd-main
2020/06/09 04:13 openbsd 324b9c791e90 0d60b78a .config console log report ci-openbsd-main
2020/06/09 02:12 openbsd 324b9c791e90 0d60b78a .config console log report ci-openbsd-main
2020/06/08 11:43 openbsd c349dbc7938c 7604bb03 .config console log report ci-openbsd-main
2020/06/08 11:15 openbsd c349dbc7938c 7604bb03 .config console log report ci-openbsd-main
2020/06/08 04:21 openbsd 957dfd9fbe6a 7751efd0 .config console log report ci-openbsd-main
2020/06/07 16:45 openbsd dfe2a24332fd 2c2b926c .config console log report ci-openbsd-main
2020/06/07 16:00 openbsd dfe2a24332fd 2c2b926c .config console log report ci-openbsd-main
2020/06/07 14:54 openbsd dfe2a24332fd 2c2b926c .config console log report ci-openbsd-main
2020/06/07 11:12 openbsd dfe2a24332fd 2c2b926c .config console log report ci-openbsd-main
* Struck through repros no longer work on HEAD.