panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 954
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 83723 84657 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8276c0fa) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827ec2fc,ffffffff827ab8a1,3ba,ffffffff827c3c52) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff800021738228,8,ffff8000217382d0,0) at rtrequest+0xb67 sys/net/route.c:954
rt_ifa_add(ffff800000d0e700,40004,ffff800000d0e768,0) at rt_ifa_add+0x1ac sys/net/route.c:1134
in_ifinit(ffff800021740b08,ffff800000d0e700,ffff8000217383f0,1) at in_ifinit+0x3bf
pppx_add_session(ffff800000d61c00,ffff800000687c00) at pppx_add_session+0x35e sys/net/if_pppx.c:731
VOP_IOCTL(fffffd806d11b1f8,82907003,ffff800000687c00,81,fffffd807f7d7478,ffff800024bd1338) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80648c1630,82907003,ffff800000687c00,ffff800024bd1338) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff800024bd1338,ffff800021738730,ffff800021738780) at sys_ioctl+0x49e
syscall(ffff800021738800) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2267ef5230, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 954
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8276c0fa) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827ec2fc,ffffffff827ab8a1,3ba,ffffffff827c3c52) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff800021738228,8,ffff8000217382d0,0) at rtrequest+0xb67 sys/net/route.c:954
rt_ifa_add(ffff800000d0e700,40004,ffff800000d0e768,0) at rt_ifa_add+0x1ac sys/net/route.c:1134
in_ifinit(ffff800021740b08,ffff800000d0e700,ffff8000217383f0,1) at in_ifinit+0x3bf
pppx_add_session(ffff800000d61c00,ffff800000687c00) at pppx_add_session+0x35e sys/net/if_pppx.c:731
VOP_IOCTL(fffffd806d11b1f8,82907003,ffff800000687c00,81,fffffd807f7d7478,ffff800024bd1338) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80648c1630,82907003,ffff800000687c00,ffff800024bd1338) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff800024bd1338,ffff800021738730,ffff800021738780) at sys_ioctl+0x49e
syscall(ffff800021738800) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2267ef5230, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800021738030
rbx 0x10000 __ALIGN_SIZE+0xf000
rdx 0xffff800000dd91c0
rcx 0
rax 0xffff800024bd1338
r8 0
r9 0x8080808080808080
r10 0x20e682b343cf9de5
r11 0xcf118283d5e3a168
r12 0
r13 0xffff800021738228
r14 0
r15 0x1
rip 0xffffffff812a662c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff800021738020
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=83723 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=59, nice=20
forw=0xffffffffffffffff, list=0xffff800024bd0b10,0xffffffff82d09490
process=0xffff8000ffff33b0 user=0xffff800021733000, vmspace=0xfffffd8069cc55d0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
84657 487226 57791 0 2 0 syz-executor.1
*84657 83723 57791 0 7 0x4000000 syz-executor.1
85315 486403 97272 0 2 0 syz-executor.6
85315 205653 97272 0 3 0x4000080 fsleep syz-executor.6
83229 226240 52820 60928 2 0x10 syz-executor.2
83229 490930 52820 60928 3 0x4000090 fsleep syz-executor.2
83229 112250 52820 60928 3 0x4000090 fsleep syz-executor.2
79851 505945 57942 0 2 0x480 syz-executor.7
79851 464765 57942 0 3 0x4000080 fsleep syz-executor.7
57791 238329 70908 0 2 0x482 syz-executor.1
57162 243917 70908 0 2 0x2 syz-executor.3
5193 182297 70908 0 3 0x82 piperd syz-executor.4
15659 346299 1 0 3 0x100083 ttyin getty
52820 513356 70908 0 3 0x82 nanoslp syz-executor.2
55220 455611 70908 0 3 0x82 piperd syz-executor.0
40343 185707 0 0 3 0x14200 bored sosplice
97272 380270 70908 0 2 0x482 syz-executor.6
57942 178477 70908 0 2 0x482 syz-executor.7
70908 115320 72850 0 3 0x82 wait syz-fuzzer
70908 87296 72850 0 3 0x4000082 nanoslp syz-fuzzer
70908 145868 72850 0 3 0x4000082 thrsleep syz-fuzzer
70908 251551 72850 0 3 0x4000082 wait syz-fuzzer
70908 116260 72850 0 2 0x4000002 syz-fuzzer
70908 249269 72850 0 3 0x4000082 wait syz-fuzzer
70908 295202 72850 0 3 0x4000082 thrsleep syz-fuzzer
70908 450844 72850 0 3 0x4000082 wait syz-fuzzer
70908 126542 72850 0 3 0x4000082 wait syz-fuzzer
70908 20081 72850 0 3 0x4000082 wait syz-fuzzer
70908 330106 72850 0 3 0x4000082 thrsleep syz-fuzzer
70908 11873 72850 0 3 0x4000082 wait syz-fuzzer
70908 465485 72850 0 3 0x4000082 wait syz-fuzzer
70908 29401 72850 0 3 0x4000082 thrsleep syz-fuzzer
72850 137786 81036 0 3 0x10008a sigsusp ksh
81036 12717 85024 0 3 0x9a kqread sshd
85024 402949 1 0 3 0x88 kqread sshd
8522 248881 51402 73 3 0x1100090 kqread syslogd
51402 374103 1 0 3 0x100082 netio syslogd
95134 507764 1 0 2 0x100080 resolvd
18378 34770 26237 77 2 0x100092 dhcpleased
90892 143021 26237 77 3 0x100092 kqread dhcpleased
26237 155642 1 0 3 0x80 kqread dhcpleased
51674 180738 0 0 3 0x14200 bored smr
18795 387608 0 0 2 0x14200 zerothread
26941 216465 0 0 3 0x14200 aiodoned aiodoned
10847 501056 0 0 3 0x14200 syncer update
10067 238502 0 0 3 0x14200 cleaner cleaner
10684 398007 0 0 3 0x14200 reaper reaper
72918 128040 0 0 3 0x14200 pgdaemon pagedaemon
98986 488458 0 0 3 0x14200 bored viomb
76933 45884 0 0 3 0x40014200 acpi0 acpi0
4284 355137 0 0 3 0x14200 bored softnet3
70243 293286 0 0 3 0x14200 bored softnet2
30541 66675 0 0 3 0x14200 bored softnet1
47816 129121 0 0 3 0x14200 bored softnet0
39345 335761 0 0 3 0x14200 bored systqmp
88899 367196 0 0 3 0x14200 bored systq
13304 440772 0 0 2 0x40014200 softclock
11231 474677 0 0 3 0x40014200 idle0
1 54169 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10198 6683K 7003K 78643K 15763 0
pcb 13 14K 16K 78643K 924 0
rtable 188 15K 15K 78643K 1035 0
pf 42 11K 1038K 78643K 4974 0
ifaddr 44 11K 11K 78643K 182 0
ifgroup 71 2K 2K 78643K 290 0
sysctl 2 0K 0K 78643K 2 0
counters 32 17K 17K 78643K 179 0
ioctlops 1 1K 2K 78643K 422 0
iov 0 0K 24K 78643K 680 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1467 92K 92K 78643K 3664 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 68 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 966 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 14 49K 81K 78643K 4194 0
sigio 0 0K 0K 78643K 206 0
proc 61 59K 75K 78643K 884 0
subproc 104 6K 6K 78643K 208 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 121 0
in_multi 70 5K 7K 78643K 364 0
ether_multi 1 0K 0K 78643K 24 0
mrt 0 0K 0K 78643K 21 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 1K 78643K 1363 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 354 90K 104K 78643K 40832 0
UVM aobj 131 4K 4K 78643K 152 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 186 0
NDP 18 0K 1K 78643K 120 0
temp 75 5860K 14068K 78643K 39940 0
kqueue 13 20K 26K 78643K 382 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 448 0 445 8 7 1 3 0 8 0
rtentry 112 300 0 221 4 0 4 4 0 8 0
unpcb 144 4182 0 4163 38 37 1 6 0 8 0
syncache 296 17 0 17 6 6 0 1 0 8 0
tcpqe 32 195 0 195 5 5 0 1 0 8 0
tcpcb 776 1204 0 1200 45 43 2 8 0 8 1
arp 88 36 0 21 1 0 1 1 0 8 0
ipq 40 5 0 4 3 2 1 1 0 8 0
ipqe 40 80 0 79 3 2 1 1 0 8 0
inpcb 336 4143 0 4135 51 50 1 18 0 8 0
nd6 104 65 0 50 1 0 1 1 0 8 0
pkpcb 40 76 0 76 2 2 0 1 0 8 0
kcovpl 48 16 0 8 1 0 1 1 0 8 0
mppekey 1024 71 0 71 2 2 0 1 0 8 0
ppxss 1160 115 0 113 9 8 1 1 0 8 0
pppxif 1360 23 0 21 7 6 1 1 0 8 0
pfstscr 40 9 0 8 2 1 1 1 0 8 0
pfanchor 1288 962 3 512 46 3 43 43 0 8 0
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 128 12 0 10 2 1 1 1 0 8 0
pfstate 352 6 0 5 2 1 1 1 0 8 0
rttmr 136 6 0 6 2 2 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1407 0 1063 38 14 24 29 0 8 0
art_table 32 1408 0 1063 4 0 4 4 0 8 0
art_node 16 296 0 228 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 5 1 0 1 1 0 8 0
semapl 112 962 0 952 1 0 1 1 0 8 0
shmpl 112 149 0 21 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 7089 0 5648 91 0 91 91 0 8 0
ffsino 240 7089 0 5648 86 0 86 86 0 8 0
nchpl 144 13066 0 12565 63 41 22 63 0 8 0
uvmvnodes 80 8828 0 0 181 0 181 181 0 8 0
vnodes 216 8828 0 0 491 0 491 491 0 8 0
namei 1024 52258 0 52257 4 3 1 3 0 8 0
kstatmem 264 150 0 118 5 2 3 3 0 8 0
scsiplug 72 9 0 9 3 3 0 1 0 8 0
scxspl 216 36274 0 36274 13 12 1 8 0 8 1
plimitpl 152 650 0 635 1 0 1 1 0 8 0
sigapl 424 4478 0 4436 6 0 6 6 0 8 0
futexpl 64 46569 0 46565 1 0 1 1 0 8 0
knotepl 120 74647 0 74568 50 46 4 16 0 8 1
kqueuepl 184 935 0 926 18 17 1 4 0 8 0
pipepl 288 925 0 898 22 19 3 7 0 8 0
fdescpl 432 4461 0 4436 4 0 4 4 0 8 0
filepl 120 37381 0 37132 45 36 9 16 0 8 0
lockfpl 104 1011 0 1009 1 0 1 1 0 8 0
lockfspl 48 356 0 354 1 0 1 1 0 8 0
sessionpl 144 33 0 17 1 0 1 1 0 8 0
pgrppl 48 51 0 35 1 0 1 1 0 8 0
ucredpl 104 4092 0 4078 1 0 1 1 0 8 0
zombiepl 144 4437 0 4436 1 0 1 1 0 8 0
processpl 1008 4478 0 4436 8 2 6 7 0 8 0
procpl 696 10717 0 10657 15 8 7 9 0 8 0
sosppl 168 31 0 31 4 4 0 1 0 8 0
sockpl 456 8884 0 8854 139 133 6 28 0 8 2
mcl64k 65536 235 0 235 4 3 1 1 0 8 1
mcl16k 16384 115 0 115 9 8 1 1 0 8 1
mcl12k 12288 154 0 154 5 4 1 1 0 8 1
mcl9k 9216 85 0 85 8 8 0 1 0 8 0
mcl8k 8192 329 0 329 2 1 1 1 0 8 1
mcl4k 4096 481 0 481 3 2 1 1 0 8 1
mcl2k2 2112 26 0 26 8 7 1 1 0 8 1
mcl2k 2048 79628 0 79579 40 32 8 30 0 8 0
mtagpl 96 465 0 422 6 2 4 4 0 8 0
mbufpl 256 184873 0 184738 637 610 27 144 0 8 3
bufpl 288 10080 0 3695 457 0 457 457 0 8 0
anonpl 24 584345 0 571733 168 54 114 120 0 188 5
amapchunkpl 152 130910 0 130056 63 24 39 47 0 158 4
amappl16 200 14171 0 13725 76 49 27 37 0 8 2
amappl15 192 21 0 21 1 1 0 1 0 8 0
amappl14 184 184 0 168 2 1 1 2 0 8 0
amappl13 176 19 0 18 1 0 1 1 0 8 0
amappl12 168 5207 0 5180 2 0 2 2 0 8 0
amappl11 160 55 0 45 1 0 1 1 0 8 0
amappl10 152 51 0 41 2 1 1 1 0 8 0
amappl9 144 166 0 165 2 1 1 2 0 8 0
amappl8 136 284 0 211 3 0 3 3 0 8 0
amappl7 128 85 0 66 1 0 1 1 0 8 0
amappl6 120 393 0 375 2 1 1 2 0 8 0
amappl5 112 228 0 222 1 0 1 1 0 8 0
amappl4 104 782 0 748 2 1 1 2 0 8 0
amappl3 96 25906 0 25828 3 0 3 3 0 8 0
amappl2 88 4781 0 4725 4 2 2 3 0 8 0
amappl1 80 24925 0 24426 22 10 12 22 0 8 0
amappl 88 40124 0 39897 7 1 6 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 151 0 21 3 0 3 3 0 8 0
uaddrrnd 24 4461 0 4436 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4461 0 4436 1 0 1 1 0 8 0
vmmpekpl 168 35515 0 35458 3 0 3 3 0 8 0
vmmpepl 168 283821 0 281653 234 117 117 152 0 357 11
vmsppl 368 4460 0 4436 3 0 3 3 0 8 0
rwobjpl 24 81538 0 71116 63 0 63 63 0 8 0
pdppl 4096 8928 0 8872 244 182 62 72 0 8 6
pvpl 32 1400983 0 1383277 377 177 200 335 0 265 16
pmappl 216 4460 0 4436 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1707 0 934 26 1 25 25 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8276c0fa) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827ec2fc,ffffffff827ab8a1,3ba,ffffffff827c3c52) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff800021738228,8,ffff8000217382d0,0) at rtrequest+0xb67 sys/net/route.c:954
rt_ifa_add(ffff800000d0e700,40004,ffff800000d0e768,0) at rt_ifa_add+0x1ac sys/net/route.c:1134
in_ifinit(ffff800021740b08,ffff800000d0e700,ffff8000217383f0,1) at in_ifinit+0x3bf
pppx_add_session(ffff800000d61c00,ffff800000687c00) at pppx_add_session+0x35e sys/net/if_pppx.c:731
VOP_IOCTL(fffffd806d11b1f8,82907003,ffff800000687c00,81,fffffd807f7d7478,ffff800024bd1338) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80648c1630,82907003,ffff800000687c00,ffff800024bd1338) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff800024bd1338,ffff800021738730,ffff800021738780) at sys_ioctl+0x49e
syscall(ffff800021738800) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2267ef5230, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8276c0fa) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff827ec2fc,ffffffff827ab8a1,3ba,ffffffff827c3c52) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff800021738228,8,ffff8000217382d0,0) at rtrequest+0xb67 sys/net/route.c:954
rt_ifa_add(ffff800000d0e700,40004,ffff800000d0e768,0) at rt_ifa_add+0x1ac sys/net/route.c:1134
in_ifinit(ffff800021740b08,ffff800000d0e700,ffff8000217383f0,1) at in_ifinit+0x3bf
pppx_add_session(ffff800000d61c00,ffff800000687c00) at pppx_add_session+0x35e sys/net/if_pppx.c:731
VOP_IOCTL(fffffd806d11b1f8,82907003,ffff800000687c00,81,fffffd807f7d7478,ffff800024bd1338) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80648c1630,82907003,ffff800000687c00,ffff800024bd1338) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff800024bd1338,ffff800021738730,ffff800021738780) at sys_ioctl+0x49e
syscall(ffff800021738800) at syscall+0x4a8 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2267ef5230, count: -12