[ 80.0691157] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/net/rtsock.c:319:39, member access within null pointer of type 'struct ifaddr'
[ 80.0930964] cpu0: Begin traceback...
[ 80.1290553] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288
[ 80.2390530] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 80.3390540] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 80.4390592] sysctl_rtable() at netbsd:sysctl_rtable+0x199c sysctl_iflist sys/net/rtsock.c:319 [inline]
[ 80.4390592] sysctl_rtable() at netbsd:sysctl_rtable+0x199c sys/net/rtsock.c:477
[ 80.5190589] sysctl_dispatch() at netbsd:sysctl_dispatch+0x140 sys/kern/kern_sysctl.c:461
[ 80.6090552] sys___sysctl() at netbsd:sys___sysctl+0x1ca sys/kern/kern_sysctl.c:317
[ 80.6990592] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline]
[ 80.6990592] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 80.6990592] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137
[ 80.7191598] --- syscall (number 202) ---
[ 80.7390587] netbsd:syscall+0x28b:
[ 80.7390587] cpu0: End traceback...
[ 80.7523207] fatal breakpoint trap in supervisor mode
[ 80.7523207] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x40b193 ilevel 0x4 rsp 0xffffb40248116720
[ 80.7689547] curlwp 0xffffb31671b72480 pid 745.745 lowest kstack 0xffffb402481122c0
Stopped in pid 745.745 (dhcpcd) at netbsd:breakpoint+0x5: leave ?
breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429 sysctl_rtable() at netbsd:sysctl_rtable+0x199c sysctl_iflist sys/net/rtsock.c:319 [inline] sysctl_rtable() at netbsd:sysctl_rtable+0x199c sys/net/rtsock.c:477 sysctl_dispatch() at netbsd:sysctl_dispatch+0x140 sys/kern/kern_sysctl.c:461 sys___sysctl() at netbsd:sys___sysctl+0x1ca sys/kern/kern_sysctl.c:317 syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 --- syscall (number 202) --- netbsd:syscall+0x28b: Panic string: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/net/rtsock.c:319:39, member access within null pointer of type 'struct ifaddr' PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 397 400 3 1 180 ffffb31673001b00 syz-executor.3 parked 397 399 2 1 0 ffffb3167bdbe900 syz-executor.3 397 398 3 1 40180 ffffb31671c4aa00 syz-executor.3 parked 397 397 2 1 10040000 ffffb3167f14fb80 syz-executor.3 1721 1721 2 0 40000 ffffb31673001280 syz-executor.0 2016 2016 2 0 0 ffffb3167d8ca040 syz-executor.5 1198 1198 2 0 0 ffffb3167d8ca8c0 syz-executor.2 1628 1628 2 0 0 ffffb316716a7b40 syz-executor.4 1643 1643 3 1 180 ffffb31673156240 syz-executor.5 parked 1472 1472 4 1 1000100 ffffb316716a7700 syz-executor.3 1366 1366 3 0 180 ffffb316727a9500 syz-executor.2 parked 1363 1363 3 0 180 ffffb3167f14f300 syz-executor.1 parked 1208 1208 3 0 180 ffffb316730016c0 syz-executor.4 parked 336 336 3 0 180 ffffb316727a9940 syz-executor.2 parked 1242 587 3 1 180 ffffb3167bdbe080 syz-fuzzer kqueue 1242 1323 3 1 180 ffffb31673156680 syz-fuzzer parked 1242 1203 3 1 180 ffffb31671c4a5c0 
syz-fuzzer wait 1242 1245 2 1 0 ffffb316721a5080 syz-fuzzer 1242 991 3 1 180 ffffb3167233e100 syz-fuzzer wait 1242 1382 3 1 180 ffffb316723d5580 syz-fuzzer wait 1242 1239 3 1 180 ffffb31671c4a180 syz-fuzzer wait 1242 1240 3 1 180 ffffb316715dd6c0 syz-fuzzer parked 1242 930 3 1 180 ffffb316716a72c0 syz-fuzzer parked 1242 449 3 0 180 ffffb3167327e700 syz-fuzzer parked 1242 1233 3 1 180 ffffb316718e6b80 syz-fuzzer parked 1242 944 3 1 180 ffffb31672348200 syz-fuzzer parked 1242 1237 3 0 180 ffffb31672697600 syz-fuzzer nanoslp 1242 1242 3 1 180 ffffb316723d59c0 syz-fuzzer wait 1083 1083 3 0 180 ffffb31672348a80 sshd select 1222 1222 3 0 180 ffffb31672348640 getty nanoslp 1226 1226 3 0 180 ffffb316715dd280 getty nanoslp 1225 1225 3 0 180 ffffb316712b4ac0 getty nanoslp 1224 1224 3 0 180 ffffb316712cf200 getty ttyraw 1103 1103 3 0 180 ffffb3167233e980 sshd select 1095 1095 3 0 180 ffffb316726971c0 powerd kqueue 429 429 3 0 180 ffffb31672697a40 syslogd kqueue 744 744 3 0 180 ffffb31671f88780 dhcpcd poll 559 559 3 1 180 ffffb31671f88bc0 dhcpcd poll 745 > 745 7 0 0 ffffb31671b72480 dhcpcd 601 601 3 0 180 ffffb316715ddb00 dhcpcd poll 487 487 3 0 180 ffffb316718e6300 dhcpcd poll 292 292 3 0 180 ffffb316718e6740 dhcpcd poll 485 > 485 7 1 0 ffffb31671b72040 dhcpcd 1 1 3 0 180 ffffb316690a7100 init wait 0 396 3 1 200 ffffb3167327eb40 ktrace ktrwait 0 1618 3 0 200 ffffb3167d8ca480 ktrace ktrwait 0 817 3 0 200 ffffb316712cf640 physiod physiod 0 196 3 1 200 ffffb316712b4680 pooldrain pooldrain 0 195 3 1 200 ffffb316712b4240 ioflush syncer 0 194 3 0 200 ffffb316712cfa80 pgdaemon pgdaemon 0 170 3 0 200 ffffb3166f1c6a40 usb7 usbevt 0 169 3 0 200 ffffb3166f1c6600 usb6 usbevt 0 168 3 0 200 ffffb3166f1c61c0 usb5 usbevt 0 167 3 0 200 ffffb3166c151a00 usb4 usbevt 0 166 3 0 200 ffffb3166c1515c0 usb3 usbevt 0 165 3 0 200 ffffb3166c151180 usb2 usbevt 0 31 3 0 200 ffffb3166a1049c0 usb1 usbevt 0 63 3 0 200 ffffb3166a104580 usb0 usbevt 0 126 3 1 200 ffffb3166a104140 usbtask-dr usbtsk 0 125 3 1 200 
ffffb316690a7980 usbtask-hc usbtsk 0 124 3 0 200 ffffb31667495b00 swwreboot swwreboot 0 123 3 0 200 ffffb316690a7540 npfgc0 npfgcw 0 122 3 1 200 ffffb3166905f940 rt_free rt_free 0 121 3 1 200 ffffb3166905f500 unpgc unpgc 0 120 3 1 200 ffffb3166905f0c0 key_timehandler key_timehandler 0 119 3 1 200 ffffb3166904f900 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffb3166904f4c0 icmp6_wqinput/0 icmp6_wqinput 0 117 3 1 200 ffffb3166904f080 nd6_timer nd6_timer 0 116 3 1 200 ffffb3166902b8c0 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffb3166902b480 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffb3166902b040 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffb31668fdebc0 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffb31668eff740 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffb31668effb80 icmp_wqinput/0 icmp_wqinput 0 110 3 1 200 ffffb31668fde340 rt_timer rt_timer 0 109 3 0 200 ffffb31668fde780 vmem_rehash vmem_rehash 0 100 3 1 200 ffffb31668eff300 entbutler entropy 0 99 3 1 200 ffffb3166893eb40 viomb balloon 0 98 3 1 200 ffffb3166893e700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffb3166893e2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffb316674956c0 scsibus0 sccomp 0 29 3 0 200 ffffb31667495280 pms0 pmsreset 0 28 3 1 200 ffffb316673b5ac0 xcall/1 xcall 0 27 1 1 200 ffffb316673b5680 softser/1 0 26 1 1 200 ffffb316673b5240 softclk/1 0 25 1 1 200 ffffb31667398a80 softbio/1 0 24 1 1 200 ffffb31667398640 softnet/1 0 23 1 1 201 ffffb31667398200 idle/1 0 22 3 0 200 ffffb31795733a40 lnxsyswq lnxsyswq 0 21 3 0 200 ffffb31795733600