panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 949
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*326379 16229 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827225ae) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a1a10,ffffffff8275d618,3b5,ffffffff8277506a) at __assert+0x25 sys/kern/subr_prf.c:157
rtrequest(1,ffff80002eb21970,8,ffff80002eb21a38,0) at rtrequest+0xc17 sys/net/route.c:949
rt_ifa_add(ffff800000ce6e00,40004,ffff800000ce6e68,0) at rt_ifa_add+0x260 sys/net/route.c:1129
in_ifinit(ffff80002e8f4030,ffff800000ce6e00,ffff80002eb21b60,1) at in_ifinit+0x3af
pppx_add_session(ffff800000da6800,ffff800000d0fc00) at pppx_add_session+0x34e sys/net/if_pppx.c:703
VOP_IOCTL(fffffd806d0a22d8,82907003,ffff800000d0fc00,1,fffffd807f7d76e8,ffff8000ffff1328) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264
vn_ioctl(fffffd805b1c39d8,82907003,ffff800000d0fc00,ffff8000ffff1328) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:525
sys_ioctl(ffff8000ffff1328,ffff80002eb21ea8,ffff80002eb21ef0) at sys_ioctl+0x49e
syscall(ffff80002eb21f70) at syscall+0x4e6 sys/arch/amd64/amd64/trap.c:626
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb5aeacc8290, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 949
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827225ae) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a1a10,ffffffff8275d618,3b5,ffffffff8277506a) at __assert+0x25 sys/kern/subr_prf.c:157
rtrequest(1,ffff80002eb21970,8,ffff80002eb21a38,0) at rtrequest+0xc17 sys/net/route.c:949
rt_ifa_add(ffff800000ce6e00,40004,ffff800000ce6e68,0) at rt_ifa_add+0x260 sys/net/route.c:1129
in_ifinit(ffff80002e8f4030,ffff800000ce6e00,ffff80002eb21b60,1) at in_ifinit+0x3af
pppx_add_session(ffff800000da6800,ffff800000d0fc00) at pppx_add_session+0x34e sys/net/if_pppx.c:703
VOP_IOCTL(fffffd806d0a22d8,82907003,ffff800000d0fc00,1,fffffd807f7d76e8,ffff8000ffff1328) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264
vn_ioctl(fffffd805b1c39d8,82907003,ffff800000d0fc00,ffff8000ffff1328) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:525
sys_ioctl(ffff8000ffff1328,ffff80002eb21ea8,ffff80002eb21ef0) at sys_ioctl+0x49e
syscall(ffff80002eb21f70) at syscall+0x4e6 sys/arch/amd64/amd64/trap.c:626
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb5aeacc8290, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002eb217a0
rbx 0x10000 __ALIGN_SIZE+0xf000
rdx 0
rcx 0
rax 0xffff8000ffff1328
r8 0
r9 0x8080808080808080
r10 0xd83d91b75a996074
r11 0x2075f8611845225c
r12 0
r13 0xffff80002eb21970
r14 0
r15 0x1
rip 0xffffffff82493f98 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002eb21790
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=326379 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=84, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff0020,0xffffffff82c50b28
process=0xffff8000265ad3c0 user=0xffff80002eb1d000, vmspace=0xfffffd807f013440
estcpu=34, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
16229 108302 28526 0 2 0 syz-executor.1
*16229 326379 28526 0 7 0x4000000 syz-executor.1
41707 348737 17891 0 2 0 syz-executor.6
41707 344167 17891 0 3 0x4000080 fsleep syz-executor.6
68513 382714 22529 0 2 0 syz-executor.5
68513 437515 22529 0 2 0x4000000 syz-executor.5
3304 474145 91007 0 2 0 syz-executor.4
3304 429798 91007 0 3 0x4000080 kqpoll syz-executor.4
3304 156035 91007 0 3 0x4000080 fsleep syz-executor.4
87355 188976 67120 0 2 0x2 syz-executor.3
91007 241331 67120 0 2 0x482 syz-executor.4
61011 295411 1 0 3 0x100083 ttyin getty
17891 67380 67120 0 3 0x82 nanoslp syz-executor.6
82301 229154 67120 0 2 0x2 syz-executor.0
28526 30092 67120 0 2 0x482 syz-executor.1
74542 389843 67120 0 3 0x82 nanoslp syz-executor.2
21948 203469 0 0 3 0x14280 nfsidl nfsio
96687 304164 0 0 3 0x14280 nfsidl nfsio
55204 434051 0 0 3 0x14280 nfsidl nfsio
42870 219128 0 0 3 0x14280 nfsidl nfsio
17907 96508 0 0 3 0x14280 nfsidl nfsio
78096 225169 0 0 3 0x14280 nfsidl nfsio
11791 393506 0 0 3 0x14280 nfsidl nfsio
92939 463415 0 0 3 0x14280 nfsidl nfsio
49513 155019 0 0 3 0x14280 nfsidl nfsio
37044 125068 0 0 3 0x14280 nfsidl nfsio
68912 220699 0 0 3 0x14280 nfsidl nfsio
80391 305890 0 0 3 0x14280 nfsidl nfsio
25244 110603 0 0 3 0x14280 nfsidl nfsio
56378 407308 0 0 3 0x14280 nfsidl nfsio
91728 331484 0 0 3 0x14280 nfsidl nfsio
13144 19522 0 0 3 0x14280 nfsidl nfsio
24638 228434 0 0 3 0x14280 nfsidl nfsio
40015 475345 0 0 3 0x14280 nfsidl nfsio
10213 518136 0 0 3 0x14280 nfsidl nfsio
15592 268881 0 0 3 0x14280 nfsidl nfsio
22529 411996 67120 0 3 0x82 nanoslp syz-executor.5
34677 295342 0 0 3 0x14200 bored sosplice
67120 114857 36929 0 3 0x82 thrsleep syz-fuzzer
67120 353055 36929 0 3 0x4000082 nanoslp syz-fuzzer
67120 148334 36929 0 3 0x4000082 wait syz-fuzzer
67120 271202 36929 0 3 0x4000082 wait syz-fuzzer
67120 473234 36929 0 3 0x4000082 wait syz-fuzzer
67120 30212 36929 0 3 0x4000082 thrsleep syz-fuzzer
67120 402140 36929 0 3 0x4000082 thrsleep syz-fuzzer
67120 370155 36929 0 3 0x4000082 thrsleep syz-fuzzer
67120 512133 36929 0 3 0x4000082 wait syz-fuzzer
67120 6408 36929 0 3 0x4000082 wait syz-fuzzer
67120 309504 36929 0 3 0x4000082 thrsleep syz-fuzzer
67120 381397 36929 0 3 0x4000082 kqread syz-fuzzer
67120 355085 36929 0 3 0x4000082 wait syz-fuzzer
67120 253840 36929 0 3 0x4000082 wait syz-fuzzer
67120 168292 36929 0 3 0x4000082 thrsleep syz-fuzzer
36929 406309 91905 0 3 0x10008a sigsusp ksh
91905 250433 12734 0 3 0x9a kqread sshd
12734 150228 1 0 3 0x88 kqread sshd
25021 120140 79855 73 3 0x1100090 kqread syslogd
79855 483846 1 0 3 0x100082 netio syslogd
76509 507508 1 0 2 0x100080 resolvd
8662 142081 52822 77 2 0x100092 dhcpleased
24474 8201 52822 77 3 0x100092 kqread dhcpleased
52822 213843 1 0 3 0x80 kqread dhcpleased
7239 315212 0 0 3 0x14200 bored smr
6993 457478 0 0 2 0x14200 zerothread
78388 70952 0 0 3 0x14200 aiodoned aiodoned
61173 351777 0 0 3 0x14200 syncer update
81950 299868 0 0 3 0x14200 cleaner cleaner
29520 215509 0 0 3 0x14200 reaper reaper
27163 470551 0 0 3 0x14200 pgdaemon pagedaemon
94251 153525 0 0 3 0x14200 bored viomb
41310 60690 0 0 3 0x40014200 acpi0 acpi0
72523 78351 0 0 3 0x14200 bored softnet
39078 82237 0 0 3 0x14200 bored softnet
19784 465318 0 0 3 0x14200 bored softnet
90173 67053 0 0 3 0x14200 bored softnet
13949 199655 0 0 3 0x14200 bored systqmp
62912 315912 0 0 3 0x14200 bored systq
23272 169140 0 0 2 0x40014200 softclock
75097 69476 0 0 3 0x40014200 idle0
1 103875 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10232 6511K 7936K 78643K 84985 0
pcb 13 18K 20K 78643K 2912 0
rtable 178 15K 18K 78643K 4664 0
ifaddr 79 22K 25K 78643K 1173 0
sysctl 3 1K 1K 78643K 5 0
counters 30 17K 17K 78643K 328 0
ioctlops 1 1K 4K 78643K 2613 0
iov 0 0K 30K 78643K 1894 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1797 112K 112K 78643K 31566 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 164 0
VM map 2 0K 0K 78643K 2 0
sem 18 16K 32K 78643K 1895 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 85K 78643K 15414 0
sigio 0 0K 0K 78643K 211 0
proc 67 59K 108K 78643K 3356 0
subproc 104 6K 6K 78643K 1225 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 860 0
in_multi 64 4K 6K 78643K 1287 0
ether_multi 1 0K 0K 78643K 74 0
mrt 1 0K 0K 78643K 50 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 235 1049K 1049K 78643K 235 0
exec 0 0K 1K 78643K 3518 0
pfkey data 0 0K 0K 78643K 5 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 359 90K 103K 78643K 100836 0
UVM aobj 131 8K 8K 78643K 136 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 570 0
NDP 14 0K 2K 78643K 428 0
temp 144 5770K 39562K 78643K 268891 0
kqueue 12 18K 26K 78643K 1092 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 1980 0 1977 32 31 1 3 0 8 0
rtentry 112 1250 0 1179 5 2 3 4 0 8 0
unpcb 144 23702 0 23686 196 190 6 10 0 8 5
syncache 296 86 0 86 25 25 0 1 0 8 0
tcpqe 32 105 0 105 18 18 0 1 0 8 0
tcpcb 776 5595 0 5587 194 192 2 14 0 8 1
arp 88 199 0 186 1 0 1 1 0 8 0
ipq 40 122 0 122 10 10 0 1 0 8 0
ipqe 40 299 0 299 10 10 0 1 0 8 0
inpcb 336 15656 0 15643 270 268 2 15 0 8 0
nd6 48 296 0 280 1 0 1 1 0 8 0
pkpcb 40 93 0 93 7 7 0 1 0 8 0
kcovpl 48 94 0 86 1 0 1 1 0 8 0
mppekey 1024 1 0 0 1 0 1 1 0 8 0
ppxss 1160 135 0 133 21 20 1 1 0 8 0
pppxif 1360 72 0 70 13 12 1 1 0 8 0
pfstscr 40 76 0 76 3 3 0 1 0 8 0
pfosfp 40 10 0 8 1 0 1 1 0 8 0
pfosfpen 112 10 0 4 1 0 1 1 0 8 0
pfanchor 1280 693 36 181 43 0 43 43 0 8 0
pfqueue 264 7 0 7 2 2 0 1 0 8 0
pfstitem 24 6 0 4 1 0 1 1 0 8 0
pfstkey 128 88 0 84 1 0 1 1 0 8 0
pfstate 352 44 0 43 1 0 1 1 0 8 0
rttmr 136 16 0 16 4 4 0 1 0 8 0
art_heap8 4096 3 0 2 3 2 1 2 0 8 0
art_heap4 256 5289 0 4986 81 58 23 29 0 8 0
art_table 32 5292 0 4988 5 1 4 4 0 8 0
art_node 16 1244 0 1185 1 0 1 1 0 8 0
sysvmsgpl 40 9 0 3 1 0 1 1 0 8 0
semupl 112 9 0 9 2 2 0 1 0 8 0
semapl 112 1879 0 1863 1 0 1 1 0 8 0
shmpl 112 133 0 5 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 22058 0 20576 94 0 94 94 0 8 0
ffsino 240 22058 0 20576 88 0 88 88 0 8 0
nchpl 144 42535 0 41997 63 41 22 63 0 8 0
rtmask 32 5 0 5 2 2 0 1 0 8 0
uvmvnodes 80 6641 0 0 136 0 136 136 0 8 0
vnodes 216 6641 0 0 369 0 369 369 0 8 0
namei 1024 177445 0 177444 16 15 1 3 0 8 0
vmpool 664 126 0 126 16 15 1 1 0 8 1
kstatmem 264 466 0 438 3 0 3 3 0 8 0
scsiplug 72 16 0 16 4 4 0 1 0 8 0
scxspl 216 136435 0 136435 39 38 1 8 0 8 1
plimitpl 152 3818 0 3803 1 0 1 1 0 8 0
sigapl 424 15642 0 15579 9 1 8 9 0 8 0
futexpl 64 190481 0 190479 14 13 1 1 0 8 0
knotepl 120 221334 0 221260 78 73 5 10 0 8 0
kqueuepl 184 3151 0 3142 50 49 1 6 0 8 0
pipepl 288 3659 0 3569 87 80 7 11 0 8 0
fdescpl 432 15500 0 15474 6 2 4 4 0 8 0
filepl 120 138909 0 138544 227 215 12 21 0 8 0
lockfpl 104 5369 0 5367 16 15 1 3 0 8 0
lockfspl 48 1796 0 1794 2 1 1 2 0 8 0
sessionpl 144 113 0 97 1 0 1 1 0 8 0
pgrppl 48 245 0 229 1 0 1 1 0 8 0
ucredpl 104 15123 0 15106 1 0 1 1 0 8 0
zombiepl 144 15581 0 15579 2 1 1 1 0 8 0
processpl 1008 15642 0 15579 12 3 9 10 0 8 0
procpl 696 38777 0 38695 26 17 9 11 0 8 0
sosppl 168 108 0 108 19 19 0 1 0 8 0
sockpl 456 41493 0 41452 1073 1059 14 35 0 8 8
mcl64k 65536 1403 0 1403 42 41 1 1 0 8 1
mcl16k 16384 240 0 240 49 49 0 1 0 8 0
mcl12k 12288 758 0 758 41 40 1 1 0 8 1
mcl9k 9216 126 0 126 42 41 1 1 0 8 1
mcl8k 8192 967 0 967 39 38 1 1 0 8 1
mcl4k 4096 2876 0 2876 22 21 1 1 0 8 1
mcl2k2 2112 105 0 105 40 40 0 1 0 8 0
mcl2k 2048 105367 0 105297 80 70 10 36 0 8 0
mtagpl 96 2417 0 2372 36 29 7 12 0 8 1
mbufpl 256 598366 0 598149 1715 1683 32 297 0 8 4
bufpl 288 28875 0 22233 476 1 475 475 0 8 0
anonpl 24 2902285 0 2886396 324 195 129 185 0 188 0
amapchunkpl 152 313637 0 312930 170 130 40 64 0 158 0
amappl16 200 24455 0 23788 113 74 39 50 0 8 0
amappl15 192 119 0 116 1 0 1 1 0 8 0
amappl14 184 404 0 393 1 0 1 1 0 8 0
amappl13 176 3 0 3 1 1 0 1 0 8 0
amappl12 168 1467 0 1457 1 0 1 1 0 8 0
amappl11 160 46 0 36 1 0 1 1 0 8 0
amappl10 152 129 0 118 1 0 1 1 0 8 0
amappl9 144 999 0 998 3 2 1 1 0 8 0
amappl8 136 762 0 648 5 0 5 5 0 8 0
amappl7 128 335 0 310 2 0 2 2 0 8 0
amappl6 120 588 0 572 1 0 1 1 0 8 0
amappl5 112 643 0 636 1 0 1 1 0 8 0
amappl4 104 1455 0 1425 2 1 1 2 0 8 0
amappl3 96 43516 0 43462 2 0 2 2 0 8 0
amappl2 88 16776 0 16700 3 1 2 3 0 8 0
amappl1 80 346279 0 345558 29 12 17 22 0 8 0
amappl 88 98286 0 98102 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 135 0 5 3 0 3 3 0 8 0
uaddrrnd 24 15626 0 15600 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 15626 0 15600 1 0 1 1 0 8 0
vmmpekpl 168 114904 0 114845 4 0 4 4 0 8 0
vmmpepl 168 1434498 0 1431638 462 318 144 195 0 357 0
vmsppl 272 15625 0 15600 5 3 2 3 0 8 0
rwobjpl 24 361601 0 352981 57 3 54 54 0 8 0
pdppl 4096 31258 0 31200 933 869 64 74 0 8 6
pvpl 32 5917975 0 5896797 693 489 204 323 0 265 0
pmappl 216 15625 0 15600 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 4020 0 3212 31 6 25 31 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827225ae) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a1a10,ffffffff8275d618,3b5,ffffffff8277506a) at __assert+0x25 sys/kern/subr_prf.c:157
rtrequest(1,ffff80002eb21970,8,ffff80002eb21a38,0) at rtrequest+0xc17 sys/net/route.c:949
rt_ifa_add(ffff800000ce6e00,40004,ffff800000ce6e68,0) at rt_ifa_add+0x260 sys/net/route.c:1129
in_ifinit(ffff80002e8f4030,ffff800000ce6e00,ffff80002eb21b60,1) at in_ifinit+0x3af
pppx_add_session(ffff800000da6800,ffff800000d0fc00) at pppx_add_session+0x34e sys/net/if_pppx.c:703
VOP_IOCTL(fffffd806d0a22d8,82907003,ffff800000d0fc00,1,fffffd807f7d76e8,ffff8000ffff1328) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264
vn_ioctl(fffffd805b1c39d8,82907003,ffff800000d0fc00,ffff8000ffff1328) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:525
sys_ioctl(ffff8000ffff1328,ffff80002eb21ea8,ffff80002eb21ef0) at sys_ioctl+0x49e
syscall(ffff80002eb21f70) at syscall+0x4e6 sys/arch/amd64/amd64/trap.c:626
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb5aeacc8290, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827225ae) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff827a1a10,ffffffff8275d618,3b5,ffffffff8277506a) at __assert+0x25 sys/kern/subr_prf.c:157
rtrequest(1,ffff80002eb21970,8,ffff80002eb21a38,0) at rtrequest+0xc17 sys/net/route.c:949
rt_ifa_add(ffff800000ce6e00,40004,ffff800000ce6e68,0) at rt_ifa_add+0x260 sys/net/route.c:1129
in_ifinit(ffff80002e8f4030,ffff800000ce6e00,ffff80002eb21b60,1) at in_ifinit+0x3af
pppx_add_session(ffff800000da6800,ffff800000d0fc00) at pppx_add_session+0x34e sys/net/if_pppx.c:703
VOP_IOCTL(fffffd806d0a22d8,82907003,ffff800000d0fc00,1,fffffd807f7d76e8,ffff8000ffff1328) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264
vn_ioctl(fffffd805b1c39d8,82907003,ffff800000d0fc00,ffff8000ffff1328) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:525
sys_ioctl(ffff8000ffff1328,ffff80002eb21ea8,ffff80002eb21ef0) at sys_ioctl+0x49e
syscall(ffff80002eb21f70) at syscall+0x4e6 sys/arch/amd64/amd64/trap.c:626
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb5aeacc8290, count: -12