

assert "ln != NULL" failed in nd6.c

Status: fixed on 2019/09/29 08:30
Reported-by: syzbot+91254714f1bd3f5233df@syzkaller.appspotmail.com
Fix commit: bdbfbec5cea8 Do more sanity checks when accepting socket addresses in routing messages from user land. Inspect length field early in rtm_xaddrs(). Strings must be NUL terminated. The socket address type and length depend on the routing message type. Currently checks are not super strict to avoid too much user land fallout. OK mpi@ Reported-by: syzbot+638dbf7851da8e255af5@syzkaller.appspotmail.com
First crash: 1182d, last: 1182d

Sample crash report:
panic: kernel diagnostic assertion "ln != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 1369
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*171964  51322      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821ddcb7,ffffffff821c132d,559,ffffffff821ab64c) at __assert+0x2b sys/kern/subr_prf.c:154
nd6_resolve(ffff800000a63000,fffffd802f084708,fffffd8037c0b800,fffffd8037006da0,ffff800014945fb8) at nd6_resolve+0x61f
ether_resolve(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708,ffff800014945fb8) at ether_resolve+0x244 sys/net/if_ethersubr.c:230
ether_output(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708) at ether_output+0x47 sys/net/if_ethersubr.c:336
ip6_output(fffffd8037c0b000,0,fffffd8037006d90,0,0,fffffd8037006d20) at ip6_output+0x1b66 sys/netinet6/ip6_output.c:752
udp6_output(fffffd8037006d20,fffffd8037c0be00,0,0) at udp6_output+0x336 sys/netinet6/udp6_output.c:236
sosend(fffffd80363e5d88,0,ffff800014946478,0,0,0) at sosend+0x63d sys/kern/uipc_socket.c:524
dofilewritev(ffff800014915160,3,ffff800014946478,0,ffff800014946560) at dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff800014915160,ffff800014946518,ffff800014946560) at sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff8000149465e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,c,0,3,84c16168010) at Xsyscall+0x128
end of kernel
end trace frame: 0x84e6bc198d0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ln != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 1369
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821ddcb7,ffffffff821c132d,559,ffffffff821ab64c) at __assert+0x2b sys/kern/subr_prf.c:154
nd6_resolve(ffff800000a63000,fffffd802f084708,fffffd8037c0b800,fffffd8037006da0,ffff800014945fb8) at nd6_resolve+0x61f
ether_resolve(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708,ffff800014945fb8) at ether_resolve+0x244 sys/net/if_ethersubr.c:230
ether_output(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff800000a63000,fffffd8037c0b800,fffffd8037006da0,fffffd802f084708) at ether_output+0x47 sys/net/if_ethersubr.c:336
ip6_output(fffffd8037c0b000,0,fffffd8037006d90,0,0,fffffd8037006d20) at ip6_output+0x1b66 sys/netinet6/ip6_output.c:752
udp6_output(fffffd8037006d20,fffffd8037c0be00,0,0) at udp6_output+0x336 sys/netinet6/udp6_output.c:236
sosend(fffffd80363e5d88,0,ffff800014946478,0,0,0) at sosend+0x63d sys/kern/uipc_socket.c:524
dofilewritev(ffff800014915160,3,ffff800014946478,0,ffff800014946560) at dofilewritev+0x1ac sys/kern/sys_generic.c:364
sys_write(ffff800014915160,ffff800014946518,ffff800014946560) at sys_write+0x83 sys/kern/sys_generic.c:284
syscall(ffff8000149465e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,c,0,3,84c16168010) at Xsyscall+0x128
end of kernel
end trace frame: 0x84e6bc198d0, count: -13
ddb> show registers
rdi               0xffffffff815adca7    db_enter+0x17
rsi                           0x435b    __ALIGN_SIZE+0x335b
rbp               0xffff800014945d60
rbx               0xffff800014945e10
rdx                           0x435c    __ALIGN_SIZE+0x335c
rcx               0xffff800016b55000
rax               0xffff800016b55000
r8                0xffff800014945d20
r9                               0x1
r10               0xffff800000a620c0
r11               0xa8a183c45e8f54a8
r12                     0x3000000008
r13               0xffff800014945d70
r14                            0x100
r15                              0x1
rip               0xffffffff815adca8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800014945d50
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=171964 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800014914c70,0xffff8000149153e8
    process=0xffff8000ffff6010 user=0xffff800014941000, vmspace=0xfffffd803f013dd0
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 88216  214657   5260      0  2           0                syz-executor.1
 88216  467437   5260      0  3   0x4000080  piperd        syz-executor.1
 51322  464656  39016      0  2           0                syz-executor.0
*51322  171964  39016      0  7   0x4000000                syz-executor.0
 66485  451553      0      0  3     0x14200  bored         sosplice
 39016   23325  96564      0  3        0x82  nanosleep     syz-executor.0
  5260  117036  96564      0  3        0x82  nanosleep     syz-executor.1
 96564  212268  97094      0  3        0x82  thrsleep      syz-fuzzer
 96564  451785  97094      0  3   0x4000082  thrsleep      syz-fuzzer
 96564  148400  97094      0  3   0x4000082  kqread        syz-fuzzer
 96564  469107  97094      0  3   0x4000082  thrsleep      syz-fuzzer
 96564  222201  97094      0  3   0x4000082  thrsleep      syz-fuzzer
 96564  291754  97094      0  3   0x4000082  thrsleep      syz-fuzzer
 96564   39320  97094      0  3   0x4000082  thrsleep      syz-fuzzer
 97094  233825  88982      0  3    0x10008a  pause         ksh
 88982  234393  79123      0  3        0x92  select        sshd
 47870  168966      1      0  3    0x100083  ttyin         getty
 79123  375382      1      0  3        0x80  select        sshd
 97514  381941  91182     73  3    0x100090  kqread        syslogd
 91182  408831      1      0  3    0x100082  netio         syslogd
  6483  188002      1     77  3    0x100090  poll          dhclient
 47728  261992      1      0  3        0x80  poll          dhclient
 39128   76951      0      0  2     0x14200                zerothread
 74083   45071      0      0  3     0x14200  aiodoned      aiodoned
  7610  217922      0      0  3     0x14200  syncer        update
 42614  247662      0      0  3     0x14200  cleaner       cleaner
 36674   27817      0      0  3     0x14200  reaper        reaper
 42808   83094      0      0  3     0x14200  pgdaemon      pagedaemon
 29040  260606      0      0  3     0x14200  bored         crynlk
 20064  227053      0      0  3     0x14200  bored         crypto
 78803  228260      0      0  3  0x40014200  acpi0         acpi0
 42918   38449      0      0  3     0x14200  bored         softnet
 74108  175146      0      0  3     0x14200  bored         systqmp
  7620   39097      0      0  3     0x14200  bored         systq
 76554    3755      0      0  2  0x40014200                softclock
 29099  383306      0      0  3  0x40014200                idle0
 37813  384838      0      0  3     0x14200  bored         smr
     1  477784      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9474   6328K    8442K  78643K     19256        0        0
            pcb    13      8K       8K  78643K        76        0        0
         rtable   121      5K       5K  78643K      1096        0        0
         ifaddr    46     11K      12K  78643K        79        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K        56        0        0
            iov     1      1K      32K  78643K       573        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1229     77K      78K  78643K      4030        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        11        0        0
         VM map     2      0K       0K  78643K         4        0        0
            sem    12      1K       1K  78643K      1001        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1794    195K     288K  78643K     12723        0        0
      file desc     6     17K      25K  78643K      3418        0        0
          sigio     0      0K       0K  78643K        10        0        0
           proc    48     38K      54K  78643K       400        0        0
        subproc    32      2K       2K  78643K        34        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       766        0        0
       in_multi    33      2K       2K  78643K        46        0        0
    ether_multi     1      0K       0K  78643K         2        0        0
            mrt     0      0K       0K  78643K         2        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    60    265K     265K  78643K        60        0        0
           exec     0      0K       1K  78643K       234        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   102     21K      23K  78643K     10528        0        0
       UVM aobj    26      2K       2K  78643K        43        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K        74        0        0
            NDP     8      0K       0K  78643K        20        0        0
           temp   143   3534K    3600K  78643K     12236        0        0
         kqueue     0      0K       0K  78643K         2        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        7    0        1     1     0     1     1     0     8    0
rtpcb       80      988    0      986     1     0     1     1     0     8    0
rtentry    112       52    0        6     2     0     2     2     0     8    0
unpcb      120      291    0      283     1     0     1     1     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
sackhl      24        1    0        1     1     1     0     1     0     8    0
tcpqe       32     4186    0     4186     1     1     0     1     0     8    0
tcpcb      544     2061    0     2056     1     0     1     1     0     8    0
ipq         40        2    0        2     1     1     0     1     0     8    0
ipqe        40        4    0        4     1     1     0     1     0     8    0
inpcb      280     5861    0     5853     8     7     1     2     0     8    0
nd6         48        4    0        0     1     0     1     1     0     8    0
pkpcb       40        4    0        4     2     2     0     1     0     8    0
ppxss      1128       7    0        7     5     5     0     1     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      213    0        0    14     0    14    14     0     8    0
art_table   32      215    0        0     2     0     2     2     0     8    0
art_node    16       47    0        5     1     0     1     1     0     8    0
sysvmsgpl   40        8    0        4     2     1     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      999    0      989     1     0     1     1     0     8    0
shmpl      112       41    0       17     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     6438    0     5049    46     0    46    46     0     8    0
ffsino     240     6438    0     5049    83     0    83    83     0     8    0
nchpl      144    11108    0     9486    61     0    61    61     0     8    0
uvmvnodes   72     5926    0        0   108     0   108   108     0     8    0
vnodes     208     5926    0        0   312     0   312   312     0     8    0
namei      1024   26855    0    26855     2     1     1     1     0     8    1
vmpool     520        2    0        2     1     1     0     1     0     8    0
scsiplug    64        1    0        1     1     1     0     1     0     8    0
scxspl     192    27624    0    27624     8     7     1     7     0     8    1
plimitpl   152       57    0       50     1     0     1     1     0     8    0
sigapl     432     3589    0     3575     2     0     2     2     0     8    0
futexpl     56    60401    0    60401     1     0     1     1     0     8    1
knotepl    112       86    0       67     1     0     1     1     0     8    0
kqueuepl   104      862    0      860     1     0     1     1     0     8    0
pipepl     112     2522    0     2501     7     6     1     2     0     8    0
fdescpl    424     3590    0     3575     2     0     2     2     0     8    0
filepl     120    20504    0    20405     6     2     4     5     0     8    1
lockfpl    104      252    0      251     1     0     1     1     0     8    0
lockfspl    48       87    0       86     1     0     1     1     0     8    0
sessionpl  112       17    0        7     1     0     1     1     0     8    0
pgrppl      48       21    0       11     1     0     1     1     0     8    0
ucredpl     96     1292    0     1285     1     0     1     1     0     8    0
zombiepl   144     3575    0     3575     2     1     1     1     0     8    1
processpl  864     3605    0     3575     4     0     4     4     0     8    0
procpl     632     8519    0     8481     4     0     4     4     0     8    0
sosppl     128        4    0        4     2     2     0     1     0     8    0
sockpl     384     7163    0     7145     7     4     3     4     0     8    1
mcl64k     65536    273    0      273    42    42     0    33     0     8    0
mcl16k     16384     90    0       90    12    12     0     1     0     8    0
mcl12k     12288     97    0       97    19    19     0     1     0     8    0
mcl9k      9216     235    0      235    14    13     1     1     0     8    1
mcl8k      8192    1040    0     1040     4     3     1     1     0     8    1
mcl4k      4096     732    0      714    12     9     3     3     0     8    0
mcl2k2     2112       9    0        9     8     8     0     1     0     8    0
mcl2k      2048   66897    0    66730    30     7    23    23     0     8    0
mtagpl      80      169    0       43     4     1     3     3     0     8    0
mbufpl     256   141597    0   140658    79    19    60    69     0     8    0
bufpl      256     9586    0     4743   303     0   303   303     0     8    0
anonpl      16  2995174    0  2981449   110    39    71    87     0    62    0
amapchunkpl 152   34214    0    34111    14     7     7     7     0   158    3
amappl16   192   165197    0   164434   107    63    44    60     0     8    3
amappl15   184     4200    0     4196     1     0     1     1     0     8    0
amappl14   176       43    0       36     1     0     1     1     0     8    0
amappl12   160       11    0        8     1     0     1     1     0     8    0
amappl11   152       44    0       32     1     0     1     1     0     8    0
amappl10   144        7    0        7     1     1     0     1     0     8    0
amappl9    136     2188    0     2178     1     0     1     1     0     8    0
amappl8    128     1782    0     1747     2     0     2     2     0     8    0
amappl7    120       35    0       31     1     0     1     1     0     8    0
amappl6    112       68    0       59     1     0     1     1     0     8    0
amappl5    104      160    0      150     1     0     1     1     0     8    0
amappl4     96     3888    0     3860     1     0     1     1     0     8    0
amappl3     88      453    0      446     1     0     1     1     0     8    0
amappl2     80    30737    0    30661     3     1     2     3     0     8    0
amappl1     72    77529    0    77101    26    16    10    20     0     8    0
amappl      80    10060    0    10024     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64       42    0       17     1     0     1     1     0     8    0
uaddrrnd    24     3592    0     3575     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     3592    0     3575     1     0     1     1     0     8    0
vmmpekpl   168    25504    0    25481     2     0     2     2     0     8    0
vmmpepl    168   574504    0   572575   155    65    90   103     0   357    4
vmsppl     272     3589    0     3575     2     1     1     2     0     8    0
pdppl      4096    7190    0     7154     6     1     5     6     0     8    0
pvpl        32  3790739    0  3773938   272   109   163   206     0   265    0
pmappl     200     3591    0     3577     1     0     1     1     0     8    0
extentpl    40       38    0       22     1     0     1     1     0     8    0
phpool     112      597    0       97    16     1    15    16     0     8    0

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-main 2019/09/06 04:42 openbsd 87bcbcf52bc3 c16be727 .config log report