panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 63077 5190 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8341b456) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83455832,ffffffff83496b9e,441,ffffffff83483afd) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9197a8,4,ffff80003c919850,0) at rtrequest+0xfea
rt_ifa_add(ffff800001613a00,840100,ffff800001613a68,0) at rt_ifa_add+0x22e sys/net/route.c:1284
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb in_insert_prefix sys/netinet/in.c:789 [inline]
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb sys/netinet/in.c:722
in_ioctl_change_ifaddr(8040691a,ffff80003c919ab0,ffff8000015e6800) at in_ioctl_change_ifaddr+0x91c sys/netinet/in.c:523
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 pru_control sys/sys/protosw.h:353 [inline]
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 sys/net/if.c:2554
sys_ioctl(ffff800030cc1ca0,ffff80003c919c80,ffff80003c919bd0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c919c80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c919c80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfed21ce6070, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8341b456) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83455832,ffffffff83496b9e,441,ffffffff83483afd) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9197a8,4,ffff80003c919850,0) at rtrequest+0xfea
rt_ifa_add(ffff800001613a00,840100,ffff800001613a68,0) at rt_ifa_add+0x22e sys/net/route.c:1284
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb in_insert_prefix sys/netinet/in.c:789 [inline]
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb sys/netinet/in.c:722
in_ioctl_change_ifaddr(8040691a,ffff80003c919ab0,ffff8000015e6800) at in_ioctl_change_ifaddr+0x91c sys/netinet/in.c:523
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 pru_control sys/sys/protosw.h:353 [inline]
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 sys/net/if.c:2554
sys_ioctl(ffff800030cc1ca0,ffff80003c919c80,ffff80003c919bd0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c919c80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c919c80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfed21ce6070, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c9195b0
rbx 0xfffffd807d6c2ef8
rdx 0xffff8000015de5c0
rcx 0
rax 0xffff800030cc1ca0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xcfeab5ce905a3907
r11 0x9d56e2da6e05cdd
r12 0
r13 0xffff80003c919850
r14 0
r15 0x1
rip 0xffffffff8299e7c5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c9195a0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=63077 pid=5190 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800030cc0018,0xffffffff83a6b408
process=0xffff8000ffff9f98 user=0xffff80003c914000, vmspace=0xfffffd806cb1a5d0
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5190 271092 67765 0 2 0 syz-executor
* 5190 63077 67765 0 7 0x4000000 syz-executor
55696 173911 63723 0 2 0 syz-executor
55696 133304 63723 0 3 0x4000080 fsleep syz-executor
27887 297431 0 0 3 0x14200 acct acct
44110 293639 82062 0 2 0 syz-executor
44110 104899 82062 0 3 0x4000080 kqsel syz-executor
44110 491161 82062 0 3 0x4000080 fsleep syz-executor
78687 331667 41261 0 2 0xc80 syz-executor
78687 109643 41261 0 3 0x4000000 smrbar syz-executor
78687 243604 41261 0 3 0x4000080 fsleep syz-executor
65054 409340 45465 0 2 0 syz-executor
65054 267995 45465 0 2 0x4000000 syz-executor
65054 346085 45465 0 3 0x4000000 inode syz-executor
65054 103995 45465 0 3 0x4000000 inode syz-executor
59643 9008 2812 0 2 0xc80 syz-executor
59643 61234 2812 0 3 0x4000080 kqsel syz-executor
59643 373964 2812 0 3 0x4000080 fsleep syz-executor
49866 3123 46560 0 3 0x80 nanoslp syz-executor
49866 230463 46560 0 3 0x4000080 netcon syz-executor
82062 381601 41984 0 3 0x82 nanoslp syz-executor
67765 57131 41984 0 3 0x82 nanoslp syz-executor
63723 269294 41984 0 2 0xc82 syz-executor
2812 36671 41984 0 2 0xc82 syz-executor
46560 344622 41984 0 3 0x82 nanoslp syz-executor
57610 151131 41984 0 2 0x2 syz-executor
41261 9383 41984 0 2 0xc82 syz-executor
45465 467733 41984 0 2 0xc82 syz-executor
41984 165235 38905 0 3 0x82 kqread syz-executor
38905 315778 80183 0 3 0x10008a sigsusp ksh
80183 62682 10815 0 3 0x98 kqread sshd-session
10815 255906 93761 0 3 0x92 kqread sshd-session
87464 506704 1 0 3 0x100083 ttyin getty
93761 337953 1 0 3 0x88 kqread sshd
26714 202112 75521 73 3 0x1100090 kqread syslogd
75521 457056 1 0 3 0x100082 sbwait syslogd
67655 283764 1 0 3 0x100080 kqread resolvd
66162 28433 25822 77 3 0x100092 kqread dhcpleased
99229 146289 25822 77 3 0x100092 kqread dhcpleased
25822 268155 1 0 3 0x80 kqread dhcpleased
21803 134576 0 0 3 0x14200 bored smr
42431 221751 0 0 2 0x14200 zerothread
38581 176085 0 0 3 0x14200 aiodoned aiodoned
73800 291294 0 0 3 0x14200 syncer update
99903 453368 0 0 3 0x14200 cleaner cleaner
63094 309078 0 0 3 0x14200 reaper reaper
2028 215695 0 0 3 0x14200 pgdaemon pagedaemon
55664 65773 0 0 3 0x14200 bored viomb
69820 220684 0 0 3 0x40014200 acpi0 acpi0
13812 215754 0 0 3 0x14200 bored softnet0
30009 459142 0 0 2 0x14200 systqmp
70230 467380 0 0 3 0x14200 bored systq
60616 86303 0 0 3 0x40014200 tmoslp softclock
60699 363836 0 0 3 0x40014200 idle0
1 87359 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11033 12167K 12283K 166960K 12256 0
pcb 17 12K 12K 166960K 43 0
rtable 260 9K 9K 166960K 408 0
pf 31 13K 17K 166960K 48 0
ifaddr 44 8K 8K 166960K 49 0
ifgroup 50 2K 2K 166960K 52 0
sysctl 3 1K 9K 166960K 7 0
counters 33 17K 17K 166960K 34 0
ioctlops 0 0K 4K 166960K 41 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1296 82K 82K 166960K 1440 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 6 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 97K 166960K 210 0
proc 59 59K 124K 166960K 497 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
in_multi 99 7K 7K 166960K 99 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 4 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 37 175K 175K 166960K 37 0
exec 0 0K 1K 166960K 367 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 227 159K 167K 166960K 3598 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 38 76K 96K 166960K 1291 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 3 0
NDP 11 0K 2K 166960K 28 0
temp 35 9062K 9126K 166960K 4129 0
kqueue 15 24K 29K 166960K 38 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 41 0 38 1 0 1 1 0 8 0
rtentry 136 123 0 7 5 0 5 5 0 8 1
unpcb 144 57 0 40 1 0 1 1 0 8 0
syncache 336 3 0 3 1 0 1 1 0 8 1
tcpcb 736 19 0 11 1 0 1 1 0 8 0
arp 96 22 0 2 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 3 0 1 1 0 1 1 0 8 0
inpcb 328 102 0 90 2 0 2 2 0 8 0
ip6q 72 1 0 1 1 0 1 1 0 8 1
ip6af 40 2 0 2 1 0 1 1 0 8 1
nd6 112 24 0 0 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 0 1 1 0 8 1
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1072 1 0 1 1 0 1 1 0 8 1
pfrktable 1344 7 0 5 1 0 1 1 0 8 0
pfanchor 1288 3 0 1 1 0 1 1 0 8 0
pftag 88 1 0 1 1 0 1 1 0 8 1
pfrule 1360 2 0 1 1 0 1 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 479 0 7 30 0 30 30 0 8 0
art_table 40 481 0 7 5 0 5 5 0 8 0
art_node 32 124 0 18 1 0 1 1 0 8 0
semapl 112 4 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1706 0 245 92 0 92 92 0 8 0
ffsino 256 1706 0 245 92 0 92 92 0 8 0
nchpl 144 1976 0 286 63 0 63 63 0 8 0
vnodes 216 1835 0 0 102 0 102 102 0 8 0
namei 1024 5663 0 5660 2 0 2 2 0 8 1
pfiaddrpl 120 3 0 2 1 0 1 1 0 8 0
kstatmem 264 24 0 2 2 0 2 2 0 8 0
scxspl 216 7692 0 7692 8 0 8 8 1 8 8
plimitpl 152 29 0 12 1 0 1 1 0 8 0
sigapl 424 501 0 458 6 0 6 6 0 8 1
knotepl 120 6552 0 6248 18 0 18 18 0 8 7
kqueuepl 184 39 0 27 1 0 1 1 0 8 0
pipepl 304 120 0 92 3 0 3 3 0 8 0
fdescpl 448 487 0 458 5 0 5 5 0 8 1
filepl 120 1647 0 1428 7 0 7 7 0 8 0
lockfpl 104 20 0 18 1 0 1 1 0 8 0
lockfspl 48 10 0 8 1 0 1 1 0 8 0
sessionpl 144 22 0 14 1 0 1 1 0 8 0
pgrppl 48 30 0 14 1 0 1 1 0 8 0
ucredpl 104 78 0 67 1 0 1 1 0 8 0
zombiepl 144 458 0 458 1 0 1 1 0 8 1
processpl 1152 501 0 458 4 0 4 4 0 8 0
procpl 664 594 0 539 5 0 5 5 0 8 0
sosppl 176 1 0 1 1 0 1 1 0 8 1
sockpl 552 202 0 170 3 0 3 3 0 8 0
mcl64k 65536 39 0 39 1 0 1 1 0 8 1
mcl16k 16384 8 0 8 1 0 1 1 0 8 1
mcl12k 12288 4 0 4 1 0 1 1 0 8 1
mcl9k 9216 5 0 5 1 0 1 1 0 8 1
mcl8k 8192 25 0 25 1 0 1 1 0 8 1
mcl4k 4096 2640 0 2589 15 0 15 15 0 8 8
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 161 0 161 1 0 1 1 0 8 1
mtagpl 96 7 0 5 1 0 1 1 0 8 0
mbufpl 256 4995 0 4854 11 0 11 11 0 8 0
bufpl 280 3489 0 102 242 0 242 242 0 8 0
anonpl 24 106848 0 103098 36 0 36 36 0 187 13
amapchunkpl 152 10374 0 9882 28 0 28 28 0 158 8
amappl16 200 2072 0 2014 6 0 6 6 0 8 2
amappl15 192 17 0 17 1 0 1 1 0 8 1
amappl14 184 408 0 407 1 0 1 1 0 8 0
amappl13 176 116 0 106 1 0 1 1 0 8 0
amappl12 168 721 0 693 2 0 2 2 0 8 0
amappl11 160 6 0 6 1 0 1 1 0 8 1
amappl10 152 58 0 48 1 0 1 1 0 8 0
amappl9 144 263 0 263 1 0 1 1 0 8 1
amappl8 136 103 0 102 1 0 1 1 0 8 0
amappl7 128 141 0 130 1 0 1 1 0 8 0
amappl6 120 153 0 152 1 0 1 1 0 8 0
amappl5 112 84 0 77 1 0 1 1 0 8 0
amappl4 104 251 0 235 1 0 1 1 0 8 0
amappl3 96 1833 0 1721 3 0 3 3 0 8 0
amappl2 88 496 0 444 2 0 2 2 0 8 0
amappl1 80 9285 0 8735 13 0 13 13 0 8 1
amappl 88 2918 0 2754 4 0 4 4 0 92 0
uvmvnodes 80 96 0 0 2 0 2 2 0 8 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 487 0 458 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 487 0 458 1 0 1 1 0 8 0
vmmpekpl 168 5495 0 5465 2 0 2 2 0 8 0
vmmpepl 168 38880 0 37068 83 0 83 83 0 357 2
vmsppl 368 486 0 458 4 0 4 4 0 8 1
rwobjpl 40 14151 0 13175 11 0 11 11 0 8 0
pdppl 4096 980 0 916 96 28 68 82 0 8 4
pvpl 32 246806 0 237122 112 0 112 112 0 265 29
pmappl 216 486 0 458 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 362 0 28 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8341b456) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83455832,ffffffff83496b9e,441,ffffffff83483afd) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9197a8,4,ffff80003c919850,0) at rtrequest+0xfea
rt_ifa_add(ffff800001613a00,840100,ffff800001613a68,0) at rt_ifa_add+0x22e sys/net/route.c:1284
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb in_insert_prefix sys/netinet/in.c:789 [inline]
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb sys/netinet/in.c:722
in_ioctl_change_ifaddr(8040691a,ffff80003c919ab0,ffff8000015e6800) at in_ioctl_change_ifaddr+0x91c sys/netinet/in.c:523
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 pru_control sys/sys/protosw.h:353 [inline]
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 sys/net/if.c:2554
sys_ioctl(ffff800030cc1ca0,ffff80003c919c80,ffff80003c919bd0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c919c80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c919c80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfed21ce6070, count: -11
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8341b456) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83455832,ffffffff83496b9e,441,ffffffff83483afd) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9197a8,4,ffff80003c919850,0) at rtrequest+0xfea
rt_ifa_add(ffff800001613a00,840100,ffff800001613a68,0) at rt_ifa_add+0x22e sys/net/route.c:1284
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb in_insert_prefix sys/netinet/in.c:789 [inline]
in_ifinit(ffff8000015e6800,ffff800001613a00,ffff80003c919ac0,1) at in_ifinit+0x4bb sys/netinet/in.c:722
in_ioctl_change_ifaddr(8040691a,ffff80003c919ab0,ffff8000015e6800) at in_ioctl_change_ifaddr+0x91c sys/netinet/in.c:523
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 pru_control sys/sys/protosw.h:353 [inline]
ifioctl(ffff8000015f8f28,8040691a,ffff80003c919ab0,ffff800030cc1ca0) at ifioctl+0x16c4 sys/net/if.c:2554
sys_ioctl(ffff800030cc1ca0,ffff80003c919c80,ffff80003c919bd0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c919c80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c919c80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfed21ce6070, count: -11