panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *482128 14594 0 0x8000000 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f310) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e247b,ffffffff8288e2b7,436,ffffffff8285232c) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000377f79e8,4,ffff8000377f7ab8,0) at rtrequest+0xb49 sys/net/route.c:1078 rt_ifa_add(ffff8000006c0700,840100,ffff8000006c0758,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273 in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000377f7d20,ffff8000006ab000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504 ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c pru_control sys/sys/protosw.h:377 [inline] ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c sys/net/if.c:2449 sys_ioctl(ffff80002a679210,ffff8000377f7f00,ffff8000377f7e50) at sys_ioctl+0x4a5 syscall(ffff8000377f7f00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd759333ee40, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f310) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e247b,ffffffff8288e2b7,436,ffffffff8285232c) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000377f79e8,4,ffff8000377f7ab8,0) at rtrequest+0xb49 sys/net/route.c:1078 rt_ifa_add(ffff8000006c0700,840100,ffff8000006c0758,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273 in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000377f7d20,ffff8000006ab000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504 ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c pru_control sys/sys/protosw.h:377 [inline] ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c sys/net/if.c:2449 sys_ioctl(ffff80002a679210,ffff8000377f7f00,ffff8000377f7e50) at sys_ioctl+0x4a5 syscall(ffff8000377f7f00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd759333ee40, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000377f7810 rbx 0xffff800000e7c740 rdx 0xffff800000de3c80 rcx 0 rax 0xffff80002a679210 r8 0 r9 0x8080808080808080 r10 0x195421e960b8a37e r11 0x853137ccdc1dceae r12 0 r13 0x10000 __ALIGN_SIZE+0xf000 r14 0 r15 0x1 rip 0xffffffff814f4f4c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000377f7800 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=482128 pid=14594 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6782b0,0xffff80002a679c60 process=0xffff8000ffffa188 user=0xffff8000377f2000, vmspace=0xfffffd80074aad70 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 64851 288800 56307 0 2 0x8000000 syz-executor.0 54967 265407 65257 0 2 0x8000000 syz-executor.7 54967 100934 65257 0 3 0xc000080 fsleep syz-executor.7 61280 165432 89320 0 2 0x8000000 syz-executor.1 61280 108116 89320 0 3 0xc000080 fsleep syz-executor.1 66929 320329 26403 0 2 0x8000000 syz-executor.2 66929 268877 26403 0 3 0xc000080 fsleep syz-executor.2 14594 493463 14133 0 2 0x8000000 syz-executor.3 *14594 482128 14133 0 7 0xc000000 syz-executor.3 76305 15417 51176 0 2 0x8000000 syz-executor.4 76305 234189 51176 0 3 0xc000080 kqsel syz-executor.4 76305 413561 51176 0 3 0xc000080 fsleep syz-executor.4 23076 22647 23315 0 2 0x8000480 syz-executor.5 23076 2245 23315 0 3 0xc000080 fifor syz-executor.5 23076 274840 23315 0 3 0xc000080 fsleep syz-executor.5 89320 345822 64902 0 2 0x8000482 syz-executor.1 23315 81652 64902 0 2 0x8000482 syz-executor.5 14133 281139 64902 0 2 0x8000482 syz-executor.3 56307 387558 64902 0 2 0x8000482 syz-executor.0 26403 458304 64902 0 2 0x8000482 syz-executor.2 51176 488590 64902 0 2 0x8000482 syz-executor.4 66051 70349 0 0 3 0x14200 acct acct 65257 454291 64902 0 2 0x8000482 syz-executor.7 4010 477659 1 0 3 0x18100083 ttyin getty 92633 430180 0 0 3 0x14200 bored sosplice 64902 17455 28437 0 3 0x1a000082 wait syz-fuzzer 64902 337665 28437 0 2 0x1e000482 syz-fuzzer 64902 392835 28437 0 3 0x1e000082 thrsleep syz-fuzzer 64902 122696 28437 0 3 0x1e000082 wait syz-fuzzer 64902 317277 28437 0 3 0x1e000082 wait syz-fuzzer 64902 441008 28437 0 3 0x1e000082 thrsleep syz-fuzzer 64902 519467 28437 0 3 0x1e000082 kqread syz-fuzzer 64902 241986 28437 0 3 0x1e000082 thrsleep syz-fuzzer 64902 180535 28437 0 3 0x1e000082 wait syz-fuzzer 64902 372527 28437 0 3 0x1e000082 wait syz-fuzzer 64902 148066 28437 0 3 0x1e000082 thrsleep syz-fuzzer 64902 460326 28437 0 3 0x1e000082 wait syz-fuzzer 64902 58105 28437 0 3 0x1e000082 thrsleep syz-fuzzer 64902 63025 28437 0 3 0x1e000082 wait syz-fuzzer 64902 340996 28437 0 3 0x1e000082 wait syz-fuzzer 28437 480237 49016 0 3 0x810008a sigsusp ksh 49016 290283 75760 0 3 0x1800009a kqread sshd 75760 245909 1 0 3 0x18000088 kqread sshd 79227 308097 66040 73 2 0x19100010 syslogd 66040 35591 1 0 3 0x18100082 sbwait syslogd 26221 222014 1 0 3 0x18100080 kqread resolvd 29405 469298 28876 77 2 0x18100092 dhcpleased 65954 405766 28876 77 3 0x18100092 kqread dhcpleased 28876 402931 1 0 3 0x18000080 kqread dhcpleased 33628 292270 0 0 3 0x14200 bored smr 71660 361424 0 0 2 0x14200 zerothread 42623 42199 0 0 3 0x14200 aiodoned aiodoned 40638 43451 0 0 3 0x14200 syncer update 90860 378232 0 0 3 0x14200 cleaner cleaner 54739 262270 0 0 3 0x14200 reaper reaper 99589 173988 0 0 3 0x14200 pgdaemon pagedaemon 6223 489580 0 0 3 0x14200 bored viomb 60125 442087 0 0 3 0x40014200 acpi0 acpi0 88009 136386 0 0 3 0x14200 bored softnet3 47955 494291 0 0 3 0x14200 bored softnet2 81006 237951 0 0 3 0x14200 bored softnet1 26669 473 0 0 3 0x14200 bored softnet0 35307 333150 0 0 3 0x14200 bored systqmp 23589 113864 0 0 3 0x14200 bored systq 50460 503521 0 0 3 0x40014200 tmoslp softclock 94441 95210 0 0 3 0x40014200 idle0 1 506103 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10173 6421K 6985K 166960K 12368 0 pcb 15 10K 10K 166960K 169 0 rtable 212 7K 8K 166960K 1167 0 pf 29 8K 9K 166960K 115 0 ifaddr 40 11K 11K 166960K 154 0 ifgroup 50 2K 2K 166960K 196 0 sysctl 4 1K 1K 166960K 4 0 counters 30 17K 17K 166960K 70 0 ioctlops 0 0K 2K 166960K 122 0 iov 0 0K 24K 166960K 133 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1381 87K 87K 166960K 2284 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 50 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 149 0 dirhash 12 2K 3K 166960K 90 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 73K 166960K 2045 0 sigio 0 0K 0K 166960K 42 0 proc 58 59K 75K 166960K 1184 0 subproc 104 6K 7K 166960K 365 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 223 0 in_multi 87 6K 7K 166960K 387 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 821 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 336 183K 200K 166960K 19270 0 UVM aobj 104 6K 6K 166960K 111 0 pinsyscall 37 74K 100K 166960K 3705 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 112 0 NDP 11 0K 2K 166960K 107 0 temp 77 6808K 6883K 166960K 93677 0 kqueue 12 18K 28K 166960K 240 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 234 0 230 1 0 1 1 0 8 0 rtentry 112 385 0 289 4 0 4 4 0 8 0 unpcb 144 1156 0 1136 2 0 2 2 0 8 1 syncache 336 23 0 23 2 1 1 1 0 8 1 tcpqe 32 79 0 79 2 1 1 1 0 8 1 tcpcb 808 558 0 546 3 0 3 3 0 8 1 arp 88 70 0 55 1 0 1 1 0 8 0 ipq 40 11 0 9 1 0 1 1 0 8 0 ipqe 40 18 0 16 1 0 1 1 0 8 0 inpcb 360 1772 0 1752 5 1 4 4 0 8 2 nd6 104 86 0 65 1 0 1 1 0 8 0 pkpcb 40 16 0 16 2 1 1 1 0 8 1 kcovpl 48 28 0 20 1 0 1 1 0 8 0 ppxss 1072 10 0 10 2 1 1 1 0 8 1 art_heap8 4096 2 0 1 2 0 2 2 0 8 1 art_heap4 256 1425 0 1003 36 6 30 30 0 8 0 art_table 32 1427 0 1004 4 0 4 4 0 8 0 art_node 16 365 0 281 1 0 1 1 0 8 0 sysvmsgpl 40 37 0 14 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 145 0 135 1 0 1 1 0 8 0 shmpl 112 108 0 7 3 0 3 3 0 8 0 dirhash 1024 69 0 52 3 0 3 3 0 8 0 dino2pl 256 4418 0 2896 96 0 96 96 0 8 0 ffsino 240 4418 0 2896 91 0 91 91 0 8 1 nchpl 144 7231 0 5500 66 0 66 66 0 8 0 uvmvnodes 80 5070 0 0 104 0 104 104 0 8 0 vnodes 216 5070 0 0 282 0 282 282 0 8 0 namei 1024 24796 0 24796 4 3 1 3 0 8 1 vcpupl 2048 13 0 1 2 0 2 2 0 8 0 vmpool 664 16 0 4 2 0 2 2 0 8 0 kstatmem 264 102 0 80 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 26860 0 26860 8 7 1 8 1 8 1 plimitpl 152 245 0 230 1 0 1 1 0 8 0 sigapl 424 2301 0 2255 6 0 6 6 0 8 0 futexpl 64 29630 0 29625 1 0 1 1 0 8 0 knotepl 120 20382 0 20302 25 14 11 17 0 8 8 kqueuepl 184 468 0 457 1 0 1 1 0 8 0 pipepl 288 408 0 381 3 0 3 3 0 8 0 fdescpl 432 2283 0 2255 4 0 4 4 0 8 0 filepl 120 12376 0 12120 10 1 9 10 0 8 0 lockfpl 104 536 0 533 1 0 1 1 0 8 0 lockfspl 48 225 0 222 1 0 1 1 0 8 0 sessionpl 144 45 0 29 1 0 1 1 0 8 0 pgrppl 48 80 0 64 1 0 1 1 0 8 0 ucredpl 104 1824 0 1814 1 0 1 1 0 8 0 zombiepl 144 2256 0 2255 1 0 1 1 0 8 0 processpl 1072 2301 0 2255 4 0 4 4 0 8 0 procpl 656 4336 0 4268 7 0 7 7 0 8 0 sosppl 168 25 0 25 1 0 1 1 0 8 1 sockpl 472 3200 0 3156 9 1 8 8 0 8 2 mcl64k 65536 49 0 49 2 1 1 1 0 8 1 mcl16k 16384 51 0 51 2 1 1 1 0 8 1 mcl12k 12288 64 0 64 2 1 1 1 0 8 1 mcl9k 9216 16 0 16 2 1 1 1 0 8 1 mcl8k 8192 147 0 147 2 1 1 1 0 8 1 mcl4k 4096 313 0 313 3 2 1 2 0 8 1 mcl2k2 2112 29 0 29 2 1 1 1 0 8 1 mcl2k 2048 31887 0 31783 48 27 21 37 0 8 5 mtagpl 96 47 0 47 1 0 1 1 0 8 1 mbufpl 256 92587 0 92347 106 81 25 63 0 8 5 bufpl 280 9318 0 2989 453 0 453 453 0 8 0 anonpl 24 390688 0 382439 106 37 69 85 0 188 18 amapchunkpl 152 62113 0 61449 42 5 37 37 0 158 5 amappl16 200 9347 0 9094 61 44 17 32 0 8 3 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 240 0 228 2 1 1 2 0 8 0 amappl13 176 17 0 17 2 1 1 1 0 8 1 amappl12 168 3249 0 3220 2 0 2 2 0 8 0 amappl11 160 52 0 41 1 0 1 1 0 8 0 amappl10 152 66 0 57 1 0 1 1 0 8 0 amappl9 144 155 0 154 1 0 1 1 0 8 0 amappl8 136 260 0 192 3 0 3 3 0 8 0 amappl7 128 91 0 76 1 0 1 1 0 8 0 amappl6 120 586 0 572 2 1 1 2 0 8 0 amappl5 112 264 0 251 1 0 1 1 0 8 0 amappl4 104 691 0 659 2 0 2 2 0 8 0 amappl3 96 12528 0 12447 3 0 3 3 0 8 0 amappl2 88 2857 0 2785 4 2 2 4 0 8 0 amappl1 80 17654 0 17159 22 11 11 22 0 8 0 amappl 88 18418 0 18210 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 110 0 7 2 0 2 2 0 8 0 uaddrrnd 24 2299 0 2259 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2299 0 2259 1 0 1 1 0 8 0 vmmpekpl 168 19548 0 19492 4 0 4 4 0 8 1 vmmpepl 168 160805 0 158743 122 21 101 111 0 357 11 vmsppl 344 2298 0 2259 4 0 4 4 0 8 0 rwobjpl 24 49640 0 43224 39 0 39 39 0 8 0 pdppl 4096 4604 0 4530 200 123 77 78 0 8 3 pvpl 32 992363 0 977864 416 246 170 361 0 265 42 pmappl 216 2298 0 2259 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 608 0 248 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f310) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e247b,ffffffff8288e2b7,436,ffffffff8285232c) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000377f79e8,4,ffff8000377f7ab8,0) at rtrequest+0xb49 sys/net/route.c:1078 rt_ifa_add(ffff8000006c0700,840100,ffff8000006c0758,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273 in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000377f7d20,ffff8000006ab000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504 ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c pru_control sys/sys/protosw.h:377 [inline] ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c sys/net/if.c:2449 sys_ioctl(ffff80002a679210,ffff8000377f7f00,ffff8000377f7e50) at sys_ioctl+0x4a5 syscall(ffff8000377f7f00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd759333ee40, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f310) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e247b,ffffffff8288e2b7,436,ffffffff8285232c) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000377f79e8,4,ffff8000377f7ab8,0) at rtrequest+0xb49 sys/net/route.c:1078 rt_ifa_add(ffff8000006c0700,840100,ffff8000006c0758,0) at rt_ifa_add+0x2b3 sys/net/route.c:1273 in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000006ab000,ffff8000006c0700,ffff8000006c0758,1) at in_ifinit+0x368 sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000377f7d20,ffff8000006ab000) at in_ioctl_change_ifaddr+0x67a sys/netinet/in.c:504 ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c pru_control sys/sys/protosw.h:377 [inline] ifioctl(fffffd806fb6e200,8040691a,ffff8000377f7d20,ffff80002a679210) at ifioctl+0x104c sys/net/if.c:2449 sys_ioctl(ffff80002a679210,ffff8000377f7f00,ffff8000377f7e50) at sys_ioctl+0x4a5 syscall(ffff8000377f7f00) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd759333ee40, count: -11