login: panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 292 55693 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8334b61f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8338d758,ffffffff833ca244,441,ffffffff833b571c) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c9a8b58,4,ffff80003c9a8c20,0) at rtrequest+0x115a rt_ifa_add(ffff800000b50200,840100,ffff800000b50240,0) at rt_ifa_add+0x38f sys/net/route.c:1284 in6_ioctl_change_ifaddr(8080691a,ffff80003c9a8df0,ffff800001470000) at in6_ioctl_change_ifaddr+0x789 sys/netinet6/in6.c:382 ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 sys/net/if.c:2480 sys_ioctl(ffff80003c9ab4e8,ffff80003c9a8fc0,ffff80003c9a8f10) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9a8fc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9a8fc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72396c36db0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8334b61f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8338d758,ffffffff833ca244,441,ffffffff833b571c) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c9a8b58,4,ffff80003c9a8c20,0) at rtrequest+0x115a rt_ifa_add(ffff800000b50200,840100,ffff800000b50240,0) at rt_ifa_add+0x38f sys/net/route.c:1284 in6_ioctl_change_ifaddr(8080691a,ffff80003c9a8df0,ffff800001470000) at in6_ioctl_change_ifaddr+0x789 sys/netinet6/in6.c:382 ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 sys/net/if.c:2480 sys_ioctl(ffff80003c9ab4e8,ffff80003c9a8fc0,ffff80003c9a8f10) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9a8fc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9a8fc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72396c36db0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c9a8980 rbx 0xfffffd806bb5f448 rdx 0 rcx 0 rax 0xffff80003c9ab4e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xf3e57cf268f2d55c r11 0x3d3beda55647e908 r12 0 r13 0xffff80003c9a8c20 r14 0 r15 0x1 rip 0xffffffff8136c4e5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c9a8970 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=292 pid=55693 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c9ab250,0xffff80003c9aa568 process=0xffff8000ffffba98 user=0xffff80003c9a4000, vmspace=0xfffffd806ba22a20 estcpu=36, cpticks=20, pctcpu=0.0, user=0, sys=20, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 55693 112081 30446 0 2 0 syz-executor *55693 292 30446 0 7 0x4000000 syz-executor 55693 91961 30446 0 3 0x4000080 fsleep syz-executor 55693 293783 30446 0 3 0x4000080 fsleep syz-executor 28714 503812 44849 0 2 0 syz-executor 5010 222879 45468 0 2 0 syz-executor 5010 132397 45468 0 3 0x4000080 fsleep syz-executor 5010 399295 45468 0 3 0x4000080 fsleep syz-executor 8758 436892 1117 0 2 0xc80 syz-executor 8758 141458 1117 0 3 0x4000000 smrbar syz-executor 8758 81847 1117 0 3 0x4000000 clonelk syz-executor 37596 107029 48073 0 2 0 syz-executor 37596 102475 48073 0 3 0x4000080 fsleep syz-executor 44810 99357 1 0 3 0x100083 ttyin getty 19729 467374 93717 0 4 0x82000 syz-executor 19729 205698 93717 0 2 0x4082000 syz-executor 19729 458022 93717 0 3 0x4002000 suspend syz-executor 44849 235813 18378 0 2 0xc82 syz-executor 48073 453564 18378 0 2 0xc82 syz-executor 30446 127339 18378 0 2 0xc82 syz-executor 1117 517693 18378 0 2 0xc82 syz-executor 89284 42025 0 0 3 0x14200 bored sosplice 26928 7953 18378 0 3 0x82 piperd syz-executor 45468 365443 18378 0 2 0xc82 syz-executor 93717 235554 18378 0 3 0x82 wait syz-executor 77429 446555 18378 0 2 0x2 syz-executor 18378 128502 76241 0 2 0x2 syz-executor 76241 394680 23151 0 3 0x10008a sigsusp ksh 23151 472149 21391 0 3 0x98 kqread sshd-session 21391 292593 48709 0 3 0x92 kqread sshd-session 48709 340017 1 0 3 0x88 kqread sshd 65429 46991 21273 73 3 0x1100090 kqread syslogd 21273 331389 1 0 3 0x100082 sbwait syslogd 29260 372665 1 0 3 0x100080 kqread resolvd 34589 305825 22904 77 3 0x100092 kqread dhcpleased 43431 279458 22904 77 3 0x100092 kqread dhcpleased 22904 266987 1 0 3 0x80 kqread dhcpleased 6342 439026 0 0 2 0x14200 smr 35454 365573 0 0 2 0x14200 zerothread 65920 234505 0 0 3 0x14200 aiodoned aiodoned 31249 404300 0 0 3 0x14200 syncer update 19617 301214 0 0 3 0x14200 cleaner cleaner 30121 416539 0 0 3 0x14200 reaper reaper 39579 521831 0 0 3 0x14200 pgdaemon pagedaemon 82659 447646 0 0 3 0x14200 bored viomb 71633 213908 0 0 3 0x40014200 acpi0 acpi0 61072 274144 0 0 3 0x14200 bored softnet0 63293 395198 0 0 3 0x14200 smrbar systqmp 40191 73867 0 0 3 0x14200 bored systq 74063 180247 0 0 2 0x40014200 softclock 34987 284820 0 0 3 0x40014200 idle0 1 464486 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10219 11098K 11707K 166960K 13205 0 pcb 19 22K 26K 166960K 1099 0 rtable 250 12K 12K 166960K 690 0 pf 34 13K 77K 166960K 207 0 ifaddr 44 8K 9K 166960K 168 0 ifgroup 54 2K 2K 166960K 277 0 sysctl 4 1K 9K 166960K 29 0 counters 33 17K 18K 166960K 184 0 ioctlops 0 0K 4K 166960K 977 0 iov 0 0K 32K 166960K 345 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1486 93K 94K 166960K 3412 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 34 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 265 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 236K 166960K 2295 0 sigio 0 0K 0K 166960K 75 0 proc 60 59K 91K 166960K 915 0 subproc 72 4K 4K 166960K 126 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 343 0 in_multi 108 7K 7K 166960K 292 0 ether_multi 1 0K 0K 166960K 42 0 mrt 4 0K 0K 166960K 30 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 814 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 218 135K 152K 166960K 21727 0 UVM aobj 115 3K 3K 166960K 125 0 pinsyscall 37 74K 95K 166960K 3455 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 141 0 NDP 14 0K 1K 166960K 114 0 temp 78 8648K 8776K 166960K 71664 0 kqueue 14 22K 32K 166960K 485 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 216 0 213 2 1 1 2 0 8 0 rtentry 136 240 0 148 4 0 4 4 0 8 0 unpcb 144 2355 0 2336 14 8 6 6 0 8 5 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 961 0 956 16 9 7 7 0 8 6 arp 96 32 0 20 1 0 1 1 0 8 0 ipq 40 8 0 3 1 0 1 1 0 8 0 ipqe 40 75 0 70 1 0 1 1 0 8 0 inpcb 328 3166 0 3154 38 29 9 18 0 8 8 ip6q 72 19 0 7 1 0 1 1 0 8 0 ip6af 40 26 0 14 1 0 1 1 0 8 0 nd6 112 43 0 21 1 0 1 1 0 8 0 pkpcb 40 45 0 45 4 3 1 1 0 8 1 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1072 121 0 121 2 1 1 1 0 8 1 pppxif 1384 11 0 11 2 1 1 1 0 8 1 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 2 0 0 1 0 1 1 0 8 0 pfstate 384 1 0 0 1 0 1 1 0 8 0 pfrule 1344 2 0 2 1 1 0 1 0 8 0 rttmr 136 4 0 4 2 1 1 1 0 8 1 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 1160 0 687 36 6 30 31 0 8 0 art_table 40 1165 0 687 5 0 5 5 0 8 0 art_node 32 233 0 153 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 10 1 0 1 1 0 8 0 semapl 112 258 0 248 1 0 1 1 0 8 0 shmpl 112 122 0 10 4 0 4 4 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 5868 0 4362 95 0 95 95 0 8 0 ffsino 256 5868 0 4362 95 0 95 95 0 8 0 nchpl 144 9208 0 8672 64 33 31 64 0 8 8 rtmask 32 27 0 27 3 2 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 34643 0 34642 5 4 1 2 0 8 0 kstatmem 264 164 0 140 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 15 0 15 2 1 1 1 0 8 1 scxspl 216 33429 0 33429 23 15 8 8 1 8 8 plimitpl 152 341 0 324 1 0 1 1 0 8 0 sigapl 424 2549 0 2507 8 0 8 8 0 8 2 knotepl 120 159564 0 159274 52 40 12 23 0 8 3 kqueuepl 184 1040 0 1029 6 2 4 4 0 8 3 pipepl 304 418 0 391 10 7 3 8 0 8 0 fdescpl 448 2510 0 2482 5 1 4 5 0 8 0 filepl 120 20655 0 20438 21 8 13 13 0 8 3 lockfpl 104 967 0 965 2 1 1 2 0 8 0 lockfspl 48 327 0 325 1 0 1 1 0 8 0 sessionpl 144 30 0 22 1 0 1 1 0 8 0 pgrppl 48 68 0 52 1 0 1 1 0 8 0 ucredpl 104 3716 0 3704 1 0 1 1 0 8 0 zombiepl 144 2608 0 2608 3 2 1 1 0 8 1 processpl 1152 2549 0 2507 5 0 5 5 0 8 0 procpl 664 5741 0 5689 7 0 7 7 0 8 1 sosppl 168 14 0 14 2 1 1 1 0 8 1 sockpl 552 5991 0 5957 41 30 11 17 0 8 8 mcl64k 65536 409 0 408 2 1 1 2 0 8 0 mcl16k 16384 5 0 5 2 2 0 1 0 8 0 mcl12k 12288 2 0 2 1 1 0 1 0 8 0 mcl9k 9216 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 83 0 83 4 3 1 1 0 8 1 mcl4k 4096 5221 0 5171 16 8 8 15 0 8 0 mcl2k 2048 3237 0 3222 7 4 3 5 0 8 0 mtagpl 96 10 0 10 1 0 1 1 0 8 1 mbufpl 256 29394 0 29228 103 90 13 74 0 8 0 bufpl 280 14840 0 8612 446 0 446 446 0 8 0 anonpl 24 319182 0 311820 114 51 63 63 0 187 18 amapchunkpl 152 73261 0 72761 46 14 32 35 0 158 10 amappl16 200 5801 0 5568 65 52 13 17 0 8 0 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 118 0 108 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 3217 0 3190 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 38 0 36 1 0 1 1 0 8 0 amappl7 128 128 0 117 1 0 1 1 0 8 0 amappl6 120 239 0 236 1 0 1 1 0 8 0 amappl5 112 152 0 145 1 0 1 1 0 8 0 amappl4 104 283 0 266 1 0 1 1 0 8 0 amappl3 96 12986 0 12903 3 0 3 3 0 8 0 amappl2 88 2767 0 2694 2 0 2 2 0 8 0 amappl1 80 16869 0 16330 13 1 12 13 0 8 0 amappl 88 20578 0 20421 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 9 0 9 2 2 0 1 0 8 0 dma128 128 256 0 256 2 1 1 1 0 8 1 dma64 64 8 0 8 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 124 0 10 3 0 3 3 0 8 0 uaddrrnd 24 2510 0 2482 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2510 0 2482 1 0 1 1 0 8 0 vmmpekpl 168 18904 0 18842 3 0 3 3 0 8 0 vmmpepl 168 156973 0 154967 121 24 97 97 0 357 4 vmsppl 368 2509 0 2482 4 1 3 4 0 8 0 rwobjpl 40 43536 0 36450 74 1 73 73 0 8 1 pdppl 4096 5027 0 4964 125 58 67 81 0 8 4 pvpl 32 1003575 0 991187 224 75 149 149 0 265 39 pmappl 216 2509 0 2482 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 530 0 193 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8334b61f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8338d758,ffffffff833ca244,441,ffffffff833b571c) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c9a8b58,4,ffff80003c9a8c20,0) at rtrequest+0x115a rt_ifa_add(ffff800000b50200,840100,ffff800000b50240,0) at rt_ifa_add+0x38f sys/net/route.c:1284 in6_ioctl_change_ifaddr(8080691a,ffff80003c9a8df0,ffff800001470000) at in6_ioctl_change_ifaddr+0x789 sys/netinet6/in6.c:382 ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 sys/net/if.c:2480 sys_ioctl(ffff80003c9ab4e8,ffff80003c9a8fc0,ffff80003c9a8f10) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9a8fc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9a8fc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72396c36db0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8334b61f) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff8338d758,ffffffff833ca244,441,ffffffff833b571c) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c9a8b58,4,ffff80003c9a8c20,0) at rtrequest+0x115a rt_ifa_add(ffff800000b50200,840100,ffff800000b50240,0) at rt_ifa_add+0x38f sys/net/route.c:1284 in6_ioctl_change_ifaddr(8080691a,ffff80003c9a8df0,ffff800001470000) at in6_ioctl_change_ifaddr+0x789 sys/netinet6/in6.c:382 ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 pru_control sys/sys/protosw.h:352 [inline] ifioctl(ffff800001513440,8080691a,ffff80003c9a8df0,ffff80003c9ab4e8) at ifioctl+0x1515 sys/net/if.c:2480 sys_ioctl(ffff80003c9ab4e8,ffff80003c9a8fc0,ffff80003c9a8f10) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c9a8fc0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9a8fc0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72396c36db0, count: -10