panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 946 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 94992 15620 0 0 0 1 syz-executor.0 * 16501 89755 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82783e29,3b2,ffffffff827a4243) at __assert+0x25 sys/kern/subr_prf.c:157 rtrequest(1,ffff800026787770,8,ffff800026787838,0) at rtrequest+0xc17 sys/net/route.c:946 rt_ifa_add(ffff800000cb8000,40004,ffff800000cb8068,0) at rt_ifa_add+0x260 sys/net/route.c:1126 in_ifinit(ffff800021220070,ffff800000cb8000,ffff800026787960,1) at in_ifinit+0x3af pppx_add_session(ffff800000d25600,ffff800000d47800) at pppx_add_session+0x34e sys/net/if_pppx.c:731 VOP_IOCTL(fffffd806edc18b8,82907003,ffff800000d47800,1,fffffd807f7d7548,ffff80002474ade8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806472cc00,82907003,ffff800000d47800,ffff80002474ade8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002474ade8,ffff800026787ca8,ffff800026787cf0) at sys_ioctl+0x4a2 syscall(ffff800026787d70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800026787d70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d9a6206f60, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 946 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82783e29,3b2,ffffffff827a4243) at __assert+0x25 sys/kern/subr_prf.c:157 rtrequest(1,ffff800026787770,8,ffff800026787838,0) at rtrequest+0xc17 sys/net/route.c:946 rt_ifa_add(ffff800000cb8000,40004,ffff800000cb8068,0) at rt_ifa_add+0x260 sys/net/route.c:1126 in_ifinit(ffff800021220070,ffff800000cb8000,ffff800026787960,1) at in_ifinit+0x3af pppx_add_session(ffff800000d25600,ffff800000d47800) at pppx_add_session+0x34e sys/net/if_pppx.c:731 VOP_IOCTL(fffffd806edc18b8,82907003,ffff800000d47800,1,fffffd807f7d7548,ffff80002474ade8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806472cc00,82907003,ffff800000d47800,ffff80002474ade8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002474ade8,ffff800026787ca8,ffff800026787cf0) at sys_ioctl+0x4a2 syscall(ffff800026787d70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800026787d70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d9a6206f60, count: -12 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800026787590 rbx 0xffffffff82b25b8f cpu_info_full_primary+0x2b8f rdx 0xffff800000d0a980 rcx 0 rax 0xffff80002474ade8 r8 0 r9 0x8080808080808080 r10 0x6b7c4a52892a9f46 r11 0x3f957a63e8e084cb r12 0xffffffff82b25990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff81b420b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800026787580 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.3) pid=16501 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, 
list=0xffff8000212f6030,0xffff80002474a060 process=0xffff80002122f680 user=0xffff800026782000, vmspace=0xfffffd8066c6c530 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 15620 94992 4088 0 7 0 syz-executor.0 15620 435216 4088 0 3 0x4000080 fsleep syz-executor.0 15620 43527 4088 0 3 0x4000080 fsleep syz-executor.0 31345 510888 18149 0 2 0 syz-executor.6 31345 96063 18149 0 3 0x4000000 clonelk syz-executor.6 31345 155068 18149 0 3 0x4000000 clonelk syz-executor.6 89755 214489 77974 0 2 0 syz-executor.3 *89755 16501 77974 0 7 0x4000000 syz-executor.3 29019 222348 45589 0 3 0x80 nanoslp syz-executor.1 29019 435055 45589 0 3 0x4000080 fsleep syz-executor.1 29019 156459 45589 0 3 0x4000080 fsleep syz-executor.1 26828 64644 55576 0 3 0x80 nanoslp syz-executor.5 26828 466537 55576 0 3 0x4000080 fsleep syz-executor.5 26828 507974 55576 0 3 0x4000080 ttyout syz-executor.5 81406 443036 24434 0 3 0x82 piperd syz-executor.2 55576 240583 24434 0 3 0x82 nanoslp syz-executor.5 4088 20995 24434 0 2 0x482 syz-executor.0 4196 245120 1 0 3 0x100083 ttyin getty 77974 390521 24434 0 2 0x482 syz-executor.3 45589 432086 24434 0 2 0x482 syz-executor.1 37768 242044 24434 0 2 0x482 syz-executor.7 43332 366871 0 0 3 0x14280 nfsidl nfsio 27139 507212 0 0 3 0x14280 nfsidl nfsio 48243 15679 0 0 3 0x14280 nfsidl nfsio 1416 387368 0 0 3 0x14280 nfsidl nfsio 48814 3230 0 0 3 0x14280 nfsidl nfsio 56070 174265 0 0 3 0x14280 nfsidl nfsio 80424 476544 0 0 3 0x14280 nfsidl nfsio 3749 64592 0 0 3 0x14280 nfsidl nfsio 15480 84127 0 0 3 0x14280 nfsidl nfsio 34498 121846 0 0 3 0x14280 nfsidl nfsio 39691 123124 0 0 3 0x14280 nfsidl nfsio 96743 280960 0 0 3 0x14280 nfsidl nfsio 71425 264506 0 0 3 0x14280 nfsidl nfsio 3283 442740 0 0 3 0x14280 nfsidl nfsio 87308 64144 0 0 3 0x14280 nfsidl nfsio 94884 522624 0 0 3 0x14280 nfsidl nfsio 96002 472450 0 0 3 0x14280 nfsidl nfsio 61909 251397 0 0 3 0x14280 nfsidl nfsio 52048 93372 0 0 3 0x14280 nfsidl nfsio 
80435 279956 0 0 3 0x14280 nfsidl nfsio 7747 80941 0 0 3 0x14200 bored sosplice 18149 129354 24434 0 2 0x2 syz-executor.6 24434 41343 32399 0 3 0x82 wait syz-fuzzer 24434 158291 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 395263 32399 0 3 0x4000082 wait syz-fuzzer 24434 135597 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 168640 32399 0 3 0x4000082 wait syz-fuzzer 24434 243805 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 521524 32399 0 3 0x4000082 wait syz-fuzzer 24434 439980 32399 0 3 0x4000082 wait syz-fuzzer 24434 348307 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 291913 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 393811 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 512669 32399 0 3 0x4000082 thrsleep syz-fuzzer 24434 391689 32399 0 3 0x4000082 kqread syz-fuzzer 24434 241130 32399 0 3 0x4000082 wait syz-fuzzer 24434 379401 32399 0 3 0x4000082 wait syz-fuzzer 24434 477056 32399 0 3 0x4000082 wait syz-fuzzer 24434 270420 32399 0 3 0x4000082 thrsleep syz-fuzzer 32399 309402 20899 0 3 0x10008a sigsusp ksh 20899 391529 80122 0 3 0x9a kqread sshd 80122 438545 1 0 3 0x88 kqread sshd 53959 373934 93512 74 3 0x1100092 bpf pflogd 93512 314739 1 0 3 0x80 netio pflogd 53715 498332 43839 73 3 0x1100090 kqread syslogd 43839 261092 1 0 3 0x100082 netio syslogd 6202 89694 1 0 2 0x100080 resolvd 44156 277715 0 0 2 0x40014200 smr 97702 351888 0 0 2 0x14200 zerothread 42133 523616 0 0 3 0x14200 aiodoned aiodoned 39340 27650 0 0 3 0x14200 syncer update 25031 473124 0 0 3 0x14200 cleaner cleaner 80629 435119 0 0 3 0x14200 reaper reaper 33546 452293 0 0 3 0x14200 pgdaemon pagedaemon 99758 268987 0 0 3 0x14200 bored viomb 96201 103212 0 0 3 0x40014200 acpi0 acpi0 57608 363646 0 0 3 0x40014200 idle1 6642 50868 0 0 3 0x14200 bored softnet 66900 117802 0 0 3 0x14200 bored softnet 41637 376184 0 0 3 0x14200 bored softnet 20034 358106 0 0 3 0x14200 bored softnet 81344 509630 0 0 3 0x14200 bored systqmp 57562 322530 0 0 3 0x14200 bored systq 44986 376105 0 0 3 0x40014200 bored 
softclock 35266 389253 0 0 3 0x40014200 idle0 1 59282 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 89755 (syz-executor.3) thread 0xffff80002474ade8 (16501) exclusive rwlock netlock r = 0 (0xffffffff82b49670) #0 witness_lock+0x44d #1 pppx_add_session+0x33a sys/net/if_pppx.c:730 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:525 #4 sys_ioctl+0x4a2 #5 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #5 syscall+0x606 sys/arch/amd64/amd64/trap.c:625 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82db6228) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:508 #2 sys_ioctl+0x4a2 #3 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #3 syscall+0x606 sys/arch/amd64/amd64/trap.c:625 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10244 6507K 7011K 78643K 15778 0 pcb 13 18K 21K 78643K 849 0 rtable 235 16K 17K 78643K 1090 0 ifaddr 91 28K 28K 78643K 378 0 sysctl 2 0K 0K 78643K 4 0 counters 66 36K 36K 78643K 358 0 ioctlops 1 1K 4K 78643K 1774 0 iov 0 0K 24K 78643K 595 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1470 92K 92K 78643K 3933 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 59 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 461 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 93K 78643K 4515 0 sigio 0 0K 0K 78643K 77 0 proc 66 67K 115K 78643K 955 0 subproc 104 6K 6K 78643K 328 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 405 0 in_multi 93 6K 6K 78643K 337 0 ether_multi 1 0K 0K 78643K 28 0 mrt 1 0K 0K 78643K 13 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 229 1023K 1023K 78643K 229 0 exec 0 0K 1K 78643K 1287 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 
UVM amap 338 103K 980K 78643K 33254 0 UVM aobj 131 4K 4K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 145 0 NDP 15 0K 1K 78643K 113 0 temp 142 5778K 5866K 78643K 57867 0 kqueue 8 14K 26K 78643K 440 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 316 0 315 4 2 2 3 0 8 1 rtentry 112 368 0 264 5 1 4 4 0 8 0 unpcb 144 5117 0 5107 51 50 1 10 0 8 0 syncache 296 23 0 23 10 10 0 1 0 8 0 tcpqe 32 1194 0 1194 8 8 0 1 0 8 0 tcpcb 776 1034 0 1030 34 33 1 11 0 8 0 arp 120 77 0 59 1 0 1 1 0 8 0 inpcb 368 7373 0 7362 108 101 7 19 0 8 5 nd6 48 55 0 34 1 0 1 1 0 8 0 kcovpl 48 25 0 17 1 0 1 1 0 8 0 mppekey 1024 75 0 75 4 4 0 1 0 8 0 ppxss 1256 108 0 106 9 8 1 1 0 8 0 pppxif 1456 18 0 16 6 5 1 1 0 8 0 pfstscr 40 44 0 44 2 2 0 1 0 8 0 pffrag 232 14 0 13 3 2 1 1 0 482 0 pffrnode 88 14 0 13 3 2 1 1 0 8 0 pffrent 40 98 0 97 3 2 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1280 374 0 0 32 0 32 32 0 8 0 pfstitem 24 158 0 107 1 0 1 1 0 8 0 pfstkey 128 197 0 146 3 1 2 2 0 8 0 pfstate 384 191 0 140 8 2 6 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 1353 0 927 40 9 31 31 0 8 1 art_table 32 1355 0 928 4 0 4 4 0 8 0 art_node 16 361 0 271 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 458 0 448 1 0 1 1 0 8 0 shmpl 112 143 0 15 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7317 0 5859 93 1 92 92 0 8 0 ffsino 272 7317 0 5859 98 0 98 98 0 8 0 nchpl 144 13589 0 13020 63 39 24 63 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 48147 0 48147 4 3 1 2 0 8 1 percpumem 16 192 0 146 1 0 1 1 0 8 0 vmpool 696 6 0 6 2 2 0 1 0 8 0 kstatmem 264 156 0 126 3 1 2 3 0 8 0 scxspl 
216 38360 0 38360 21 17 4 8 0 8 4 plimitpl 152 519 0 503 1 0 1 1 0 8 0 sigapl 424 4823 0 4759 12 4 8 8 0 8 0 futexpl 64 42495 0 42490 3 2 1 1 0 8 0 knotepl 120 578 0 0 11 0 11 11 0 8 0 kqueuepl 216 1084 0 1077 27 23 4 5 0 8 3 pipepl 320 896 0 869 29 26 3 9 0 8 0 fdescpl 496 4785 0 4759 6 2 4 5 0 8 0 filepl 152 34821 0 34587 82 68 14 20 0 8 2 lockfpl 104 1043 0 1041 1 0 1 1 0 8 0 lockfspl 48 383 0 381 1 0 1 1 0 8 0 sessionpl 144 34 0 18 1 0 1 1 0 8 0 pgrppl 48 40 0 24 1 0 1 1 0 8 0 ucredpl 104 3770 0 3761 1 0 1 1 0 8 0 zombiepl 144 4761 0 4759 2 1 1 1 0 8 0 processpl 1072 4823 0 4759 6 1 5 5 0 8 0 procpl 696 13158 0 13069 15 5 10 10 0 8 0 srpgc 96 9 0 9 4 3 1 1 0 8 1 sosppl 168 1351 0 1350 4 3 1 1 0 8 0 sockpl 488 12808 0 12786 301 289 12 36 0 8 9 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 15 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 13 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 408 0 0 49 1 48 49 0 8 0 mtagpl 96 416 0 0 11 0 11 11 0 8 0 mbufpl 256 2046 0 0 121 0 121 121 0 8 0 bufpl 288 10911 0 4589 452 0 452 452 0 8 0 anonpl 24 1040357 0 1021398 220 80 140 141 0 186 4 amapchunkpl 152 327015 0 326081 4437 4397 40 4420 0 158 2 amappl16 200 12958 0 12381 131 89 42 43 0 8 8 amappl15 192 25 0 23 2 1 1 1 0 8 0 amappl14 184 214 0 202 2 1 1 2 0 8 0 amappl13 176 4 0 3 2 1 1 1 0 8 0 amappl12 168 553 0 547 1 0 1 1 0 8 0 amappl11 160 57 0 49 1 0 1 1 0 8 0 amappl10 152 51 0 42 3 2 1 1 0 8 0 amappl9 144 1008 0 1007 1 0 1 1 0 8 0 amappl8 136 374 0 292 3 0 3 3 0 8 0 amappl7 128 193 0 170 2 0 2 2 0 8 0 amappl6 120 247 0 231 2 1 1 2 0 8 0 amappl5 112 204 0 196 1 0 1 1 0 8 0 amappl4 104 698 0 661 3 1 2 2 0 8 0 amappl3 96 14126 0 14072 3 1 2 2 0 8 0 amappl2 88 5383 0 5321 5 3 2 4 0 8 0 amappl1 80 111710 0 111020 29 11 18 28 0 8 1 amappl 88 32506 0 32306 8 2 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 
253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 3 0 3 3 0 8 0 uaddrrnd 24 4791 0 4765 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4791 0 4765 1 0 1 1 0 8 0 vmmpekpl 168 41691 0 41626 4 0 4 4 0 8 0 vmmpepl 168 454364 0 451670 260 115 145 154 0 357 18 vmsppl 440 4790 0 4765 8 4 4 5 0 8 0 rwobjpl 56 128517 0 120782 129 14 115 115 0 8 0 pdppl 4096 9589 0 9530 322 253 69 83 0 8 10 pvpl 32 1993279 0 1968813 477 241 236 366 0 265 14 pmappl 248 4790 0 4765 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1319 0 383 28 0 28 28 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff827cd2be,ffffffff82783e29,3b2,ffffffff827a4243) at __assert+0x25 sys/kern/subr_prf.c:157 rtrequest(1,ffff800026787770,8,ffff800026787838,0) at rtrequest+0xc17 sys/net/route.c:946 rt_ifa_add(ffff800000cb8000,40004,ffff800000cb8068,0) at rt_ifa_add+0x260 sys/net/route.c:1126 in_ifinit(ffff800021220070,ffff800000cb8000,ffff800026787960,1) at in_ifinit+0x3af pppx_add_session(ffff800000d25600,ffff800000d47800) at pppx_add_session+0x34e sys/net/if_pppx.c:731 VOP_IOCTL(fffffd806edc18b8,82907003,ffff800000d47800,1,fffffd807f7d7548,ffff80002474ade8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806472cc00,82907003,ffff800000d47800,ffff80002474ade8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002474ade8,ffff800026787ca8,ffff800026787cf0) at sys_ioctl+0x4a2 syscall(ffff800026787d70) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800026787d70) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d9a6206f60, count: -12 ddb{0}> machine ddbcpu 1