panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 939 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 53666 29798 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823c001f) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82429cd1,ffffffff823d25e5,3ab,ffffffff82395e24) at __assert+0x2b sys/kern/subr_prf.c:154 rtm_output(ffff8000006b5000,ffff80001e7b4e00,ffff80001e7b4d58,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120 route_output(fffffd806bc21c00,fffffd8057b6d650,0,0) at route_output+0x678 sys/net/rtsock.c:832 route_usrreq(fffffd8057b6d650,9,fffffd806bc21c00,0,0,ffff80001d7099e0) at route_usrreq+0x36f sys/net/rtsock.c:275 sosend(fffffd8057b6d650,0,ffff80001e7b4ff0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549 sendit(ffff80001d7099e0,6,ffff80001e7b50d0,0,ffff80001e7b51b0) at sendit+0x52b sys/kern/uipc_syscalls.c:652 sys_sendto(ffff80001d7099e0,ffff80001e7b5168,ffff80001e7b51b0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517 syscall(ffff80001e7b5230) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe47d09d9a30, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/rtsock.c", line 939 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823c001f) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82429cd1,ffffffff823d25e5,3ab,ffffffff82395e24) at __assert+0x2b sys/kern/subr_prf.c:154 rtm_output(ffff8000006b5000,ffff80001e7b4e00,ffff80001e7b4d58,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120 route_output(fffffd806bc21c00,fffffd8057b6d650,0,0) at route_output+0x678 sys/net/rtsock.c:832 route_usrreq(fffffd8057b6d650,9,fffffd806bc21c00,0,0,ffff80001d7099e0) at route_usrreq+0x36f sys/net/rtsock.c:275 sosend(fffffd8057b6d650,0,ffff80001e7b4ff0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549 sendit(ffff80001d7099e0,6,ffff80001e7b50d0,0,ffff80001e7b51b0) at sendit+0x52b sys/kern/uipc_syscalls.c:652 sys_sendto(ffff80001d7099e0,ffff80001e7b5168,ffff80001e7b51b0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517 syscall(ffff80001e7b5230) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe47d09d9a30, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001e7b4bd0 rbx 0xffff80001e7b4c80 rdx 0x2 rcx 0 rax 0x1 r8 0xffffffff8155d16f kprintf+0x15f r9 0x1 r10 0x2 r11 0xb0eaa8861d6d963c r12 0x3000000008 r13 0xffff80001e7b4be0 r14 0x100 r15 0x1 rip 0xffffffff81ac0cb8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001e7b4bc0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=53666 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=74, nice=20 forw=0xffffffffffffffff, list=0xffff80001d70a130,0xffffffff827f7a58 process=0xffff80001e84a760 user=0xffff80001e7b0000, vmspace=0xfffffd806bc09330 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 29798 26007 86214 0 2 0 syz-executor.1 *29798 53666 86214 0 7 0x4000000 syz-executor.1 87499 4562 0 0 3 0x14280 nfsidl nfsio 11586 126012 0 0 3 0x14280 nfsidl nfsio 50067 249801 0 0 3 0x14280 nfsidl nfsio 59836 97010 0 0 3 0x14280 nfsidl nfsio 40931 236670 0 0 3 0x14280 nfsidl nfsio 40042 93748 0 0 3 0x14280 nfsidl nfsio 76865 246122 0 0 3 0x14280 nfsidl nfsio 44834 257485 0 0 3 0x14280 nfsidl nfsio 27701 429027 0 0 3 0x14280 nfsidl nfsio 85892 114937 0 0 3 0x14280 nfsidl nfsio 33347 508479 0 0 3 0x14280 nfsidl nfsio 74653 235094 0 0 3 0x14280 nfsidl nfsio 87141 95645 0 0 3 0x14280 nfsidl nfsio 61441 473540 0 0 3 0x14280 nfsidl nfsio 76993 415797 0 0 3 0x14280 nfsidl nfsio 8014 100434 0 0 3 0x14280 nfsidl nfsio 15403 370181 0 0 3 0x14280 nfsidl nfsio 40893 272408 0 0 3 0x14280 nfsidl nfsio 69113 371349 0 0 3 0x14280 nfsidl nfsio 15134 17739 0 0 3 0x14280 nfsidl nfsio 72148 295710 0 0 3 0x14200 bored sosplice 54609 371195 0 0 3 0x14200 acct acct 86214 291060 86243 0 2 0x482 syz-executor.1 27939 240707 86243 0 2 0x2 syz-executor.0 86243 1524 19140 0 3 0x82 thrsleep syz-fuzzer 86243 500799 19140 0 3 0x4000082 nanosleep syz-fuzzer 86243 445022 19140 0 3 0x4000082 kqread syz-fuzzer 86243 326148 19140 0 3 0x4000082 thrsleep syz-fuzzer 86243 234830 19140 0 3 0x4000082 thrsleep syz-fuzzer 86243 7462 19140 0 3 0x4000082 thrsleep syz-fuzzer 86243 58971 19140 0 3 0x4000082 thrsleep syz-fuzzer 19140 314302 98272 0 3 0x10008a pause ksh 98272 79531 78287 0 3 0x92 select sshd 54915 213610 1 0 3 0x100083 ttyin getty 78287 411730 1 0 3 0x80 select sshd 56930 26962 83248 73 3 0x100090 kqread syslogd 83248 270734 1 0 3 0x100082 netio syslogd 84025 321885 1 77 3 0x100090 poll dhclient 6175 442612 1 0 3 0x80 poll dhclient 52413 225645 0 0 3 0x14200 bored smr 66737 409252 0 0 2 0x14200 zerothread 3546 157285 0 0 3 0x14200 aiodoned aiodoned 40556 108554 0 0 3 0x14200 syncer update 45951 451486 0 0 3 0x14200 cleaner cleaner 61650 178749 0 0 3 0x14200 reaper reaper 17671 81357 0 0 3 0x14200 pgdaemon pagedaemon 9136 189304 0 0 3 0x14200 bored crynlk 4293 440451 0 0 3 0x14200 bored crypto 72204 300685 0 0 3 0x40014200 acpi0 acpi0 16387 14612 0 0 3 0x14200 bored softnet 64633 177629 0 0 3 0x14200 bored systqmp 58735 114329 0 0 3 0x14200 bored systq 65435 120341 0 0 2 0x40014200 softclock 97587 53613 0 0 3 0x40014200 idle0 1 312075 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9504 6344K 6786K 78643K 11157 0 pcb 13 8K 8K 78643K 69 0 rtable 74 3K 7K 78643K 451 0 ifaddr 73 14K 15K 78643K 156 0 counters 20 16K 16K 78643K 25 0 ioctlops 0 0K 4K 78643K 62 0 iov 0 0K 16K 78643K 61 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1408 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 18 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 341 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 54K 78643K 380 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 36 0 in_multi 51 2K 3K 78643K 99 0 ether_multi 1 0K 0K 78643K 13 0 mrt 0 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 209 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 128 39K 39K 78643K 1625 0 UVM aobj 6 2K 2K 78643K 18 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 37 0 NDP 12 0K 0K 78643K 23 0 temp 98 3849K 3915K 78643K 10855 0 kqueue 3 4K 8K 78643K 19 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 8 1 0 1 1 0 8 0 rtpcb 80 40 0 37 1 0 1 1 0 8 0 rtentry 112 71 0 47 2 0 2 2 0 8 0 unpcb 120 198 0 189 1 0 1 1 0 8 0 syncache 264 6 0 6 2 1 1 1 0 8 1 tcpqe 32 58 0 58 1 1 0 1 0 8 0 tcpcb 544 125 0 121 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 45 0 45 1 1 0 1 0 8 0 inpcb 280 1101 0 1093 2 0 2 2 0 8 1 nd6 48 8 0 5 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 58 0 56 2 1 1 1 0 8 0 pftag 88 10 0 10 2 1 1 1 0 8 1 pfrule 1360 18 0 12 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 324 0 178 13 0 13 13 0 8 3 art_table 32 326 0 178 2 0 2 2 0 8 0 art_node 16 70 0 49 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 9 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 16 0 12 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1857 0 461 88 0 88 88 0 8 0 ffsino 240 1857 0 461 83 0 83 83 0 8 0 nchpl 144 2491 0 890 60 0 60 60 0 8 0 uvmvnodes 72 2030 0 0 37 0 37 37 0 8 0 vnodes 208 2030 0 0 107 0 107 107 0 8 0 namei 1024 6582 0 6582 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 4 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 18 0 16 2 1 1 1 0 8 0 scxspl 192 7554 0 7554 1 0 1 1 0 8 1 plimitpl 152 52 0 45 1 0 1 1 0 8 0 sigapl 424 549 0 499 6 0 6 6 0 8 0 futexpl 56 7571 0 7571 1 0 1 1 0 8 1 knotepl 112 82 0 63 1 0 1 1 0 8 0 kqueuepl 144 56 0 52 1 0 1 1 0 8 0 pipelkpl 16 130 0 120 1 0 1 1 0 8 0 pipepl 120 260 0 241 2 1 1 2 0 8 0 fdescpl 432 513 0 499 2 0 2 2 0 8 0 filepl 120 3556 0 3458 5 1 4 5 0 8 1 lockfpl 104 77 0 76 1 0 1 1 0 8 0 lockfspl 48 28 0 27 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 375 0 368 1 0 1 1 0 8 0 zombiepl 144 499 0 499 1 0 1 1 0 8 1 processpl 920 549 0 499 7 0 7 7 0 8 0 procpl 624 933 0 876 5 0 5 5 0 8 0 sosppl 128 4 0 4 2 2 0 1 0 8 0 sockpl 400 1346 0 1326 5 1 4 4 0 8 1 mcl64k 65536 47 0 45 1 0 1 1 0 8 0 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 13 0 13 1 0 1 1 0 8 1 mcl9k 9216 6 0 6 1 0 1 1 0 8 1 mcl8k 8192 14 0 14 1 0 1 1 0 8 1 mcl4k 4096 34 0 34 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 1 1 0 1 0 8 0 mcl2k 2048 73708 0 73661 14 7 7 12 0 8 0 mtagpl 80 50 0 23 2 1 1 1 0 8 0 mbufpl 256 126032 0 125688 55 23 32 47 0 8 8 bufpl 280 4137 0 127 287 0 287 287 0 8 0 anonpl 16 58554 0 43282 69 2 67 67 0 107 1 amapchunkpl 152 2286 0 2155 13 7 6 13 0 158 0 amappl16 192 2615 0 1715 47 0 47 47 0 8 1 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 32 0 26 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 6 0 4 1 0 1 1 0 8 0 amappl11 152 44 0 35 1 0 1 1 0 8 0 amappl10 144 17 0 12 1 0 1 1 0 8 0 amappl9 136 511 0 508 1 0 1 1 0 8 0 amappl8 128 479 0 435 2 0 2 2 0 8 0 amappl7 120 114 0 101 1 0 1 1 0 8 0 amappl6 112 24 0 18 1 0 1 1 0 8 0 amappl5 104 470 0 459 1 0 1 1 0 8 0 amappl4 96 428 0 399 1 0 1 1 0 8 0 amappl3 88 117 0 111 1 0 1 1 0 8 0 amappl2 80 3264 0 3198 2 0 2 2 0 8 0 amappl1 72 18783 0 18376 23 14 9 17 0 8 0 amappl 80 1138 0 1097 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 17 0 12 1 0 1 1 0 8 0 uaddrrnd 24 517 0 501 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 517 0 501 1 0 1 1 0 8 0 vmmpekpl 168 7214 0 7180 2 0 2 2 0 8 0 vmmpepl 168 66600 0 64615 112 18 94 106 0 357 6 vmsppl 272 516 0 501 2 0 2 2 0 8 1 pdppl 4096 1040 0 1004 6 1 5 6 0 8 0 pvpl 32 189005 0 170662 163 0 163 163 0 265 6 pmappl 200 516 0 501 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 286 0 36 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823c001f) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82429cd1,ffffffff823d25e5,3ab,ffffffff82395e24) at __assert+0x2b sys/kern/subr_prf.c:154 rtm_output(ffff8000006b5000,ffff80001e7b4e00,ffff80001e7b4d58,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120 route_output(fffffd806bc21c00,fffffd8057b6d650,0,0) at route_output+0x678 sys/net/rtsock.c:832 route_usrreq(fffffd8057b6d650,9,fffffd806bc21c00,0,0,ffff80001d7099e0) at route_usrreq+0x36f sys/net/rtsock.c:275 sosend(fffffd8057b6d650,0,ffff80001e7b4ff0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549 sendit(ffff80001d7099e0,6,ffff80001e7b50d0,0,ffff80001e7b51b0) at sendit+0x52b sys/kern/uipc_syscalls.c:652 sys_sendto(ffff80001d7099e0,ffff80001e7b5168,ffff80001e7b51b0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517 syscall(ffff80001e7b5230) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe47d09d9a30, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff823c001f) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82429cd1,ffffffff823d25e5,3ab,ffffffff82395e24) at __assert+0x2b sys/kern/subr_prf.c:154 rtm_output(ffff8000006b5000,ffff80001e7b4e00,ffff80001e7b4d58,40,0) at rtm_output+0xba9 sys/net/rtsock.c:1120 route_output(fffffd806bc21c00,fffffd8057b6d650,0,0) at route_output+0x678 sys/net/rtsock.c:832 route_usrreq(fffffd8057b6d650,9,fffffd806bc21c00,0,0,ffff80001d7099e0) at route_usrreq+0x36f sys/net/rtsock.c:275 sosend(fffffd8057b6d650,0,ffff80001e7b4ff0,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549 sendit(ffff80001d7099e0,6,ffff80001e7b50d0,0,ffff80001e7b51b0) at sendit+0x52b sys/kern/uipc_syscalls.c:652 sys_sendto(ffff80001d7099e0,ffff80001e7b5168,ffff80001e7b51b0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:517 syscall(ffff80001e7b5230) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe47d09d9a30, count: -11