panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *354299 71256 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e536a,ffffffff821b8c22,3b7,ffffffff821c9205) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff800016b4e298,4,ffff800016b4e368,0) at rtrequest+0xbf1 sys/net/route.c:951 rt_ifa_add(ffff800000ab1b00,840100,ffff800000ab1b58,0) at rt_ifa_add+0x290 sys/net/route.c:1133 in_ifinit(ffff800000abb000,ffff800000ab1b00,ffff800000ab1b58,1) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:748 [inline] in_ifinit(ffff800000abb000,ffff800000ab1b00,ffff800000ab1b58,1) at in_ifinit+0x37a sys/netinet/in.c:679 in_ioctl_change_ifaddr(8040691a,ffff800016b4e650,ffff800000abb000,1) at in_ioctl_change_ifaddr+0x62b sys/netinet/in.c:483 in_ioctl(8040691a,ffff800016b4e650,ffff800000abb000,1) at in_ioctl+0x205 sys/netinet/in.c:246 ifioctl(fffffd802db46490,8040691a,ffff800016b4e650,ffff8000ffff2c70) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000ffff2c70,ffff800016b4e768,ffff800016b4e7b0) at sys_ioctl+0x5b9 syscall(ffff800016b4e830) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,275eda43010) at Xsyscall+0x128 end of kernel end trace frame: 0x2780dbbfbc0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e536a,ffffffff821b8c22,3b7,ffffffff821c9205) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff800016b4e298,4,ffff800016b4e368,0) at rtrequest+0xbf1 sys/net/route.c:951 rt_ifa_add(ffff800000ab1b00,840100,ffff800000ab1b58,0) at rt_ifa_add+0x290 sys/net/route.c:1133 in_ifinit(ffff800000abb000,ffff800000ab1b00,ffff800000ab1b58,1) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:748 [inline] in_ifinit(ffff800000abb000,ffff800000ab1b00,ffff800000ab1b58,1) at in_ifinit+0x37a sys/netinet/in.c:679 in_ioctl_change_ifaddr(8040691a,ffff800016b4e650,ffff800000abb000,1) at in_ioctl_change_ifaddr+0x62b sys/netinet/in.c:483 in_ioctl(8040691a,ffff800016b4e650,ffff800000abb000,1) at in_ioctl+0x205 sys/netinet/in.c:246 ifioctl(fffffd802db46490,8040691a,ffff800016b4e650,ffff8000ffff2c70) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000ffff2c70,ffff800016b4e768,ffff800016b4e7b0) at sys_ioctl+0x5b9 syscall(ffff800016b4e830) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,275eda43010) at Xsyscall+0x128 end of kernel end trace frame: 0x2780dbbfbc0, count: -12 ddb> show registers rdi 0xffffffff811a2427 db_enter+0x17 rsi 0x3e6d __ALIGN_SIZE+0x2e6d rbp 0xffff800016b4e0b0 rbx 0xffff800016b4e160 rdx 0x3e6e __ALIGN_SIZE+0x2e6e rcx 0xffff800016b7a000 rax 0xffff800016b7a000 r8 0xffff800016b4e070 r9 0x1 r10 0xffff800000a65bc0 r11 0xb9f747a4d4767b1e r12 0x3000000008 r13 0xffff800016b4e0c0 r14 0x100 r15 0x1 rip 0xffffffff811a2428 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800016b4e0a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=354299 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3b40,0xffffffff82571f00 process=0xffff8000ffff77b0 user=0xffff800016b49000, vmspace=0xfffffd803f014330 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 71256 522383 33354 0 2 0 syz-executor.1 *71256 354299 33354 0 7 0x4000000 syz-executor.1 1234 470348 99517 0 3 0x80 nanosleep syz-executor.0 1234 483508 99517 0 3 0x4000080 fsleep syz-executor.0 1234 161848 99517 0 3 0x4000080 netio syz-executor.0 99517 268092 85844 0 3 0x82 nanosleep syz-executor.0 33354 325325 85844 0 3 0x82 nanosleep syz-executor.1 63524 9004 0 0 3 0x14200 bored sosplice 85844 472220 68935 0 3 0x82 thrsleep syz-fuzzer 85844 217130 68935 0 3 0x4000082 thrsleep syz-fuzzer 85844 430096 68935 0 3 0x4000082 kqread syz-fuzzer 85844 138555 68935 0 3 0x4000082 thrsleep syz-fuzzer 85844 122061 68935 0 3 0x4000082 thrsleep syz-fuzzer 85844 445111 68935 0 3 0x4000082 thrsleep syz-fuzzer 85844 416438 68935 0 3 0x4000082 thrsleep syz-fuzzer 85844 451385 68935 0 3 0x4000082 thrsleep syz-fuzzer 68935 115721 20519 0 3 0x10008a pause ksh 20519 370779 73361 0 3 0x92 select sshd 15396 355029 1 0 3 0x100083 ttyin getty 73361 7535 1 0 3 0x80 select sshd 17257 38230 29005 73 3 0x100090 kqread syslogd 29005 388145 1 0 3 0x100082 netio syslogd 45106 134142 1 77 3 0x100090 poll dhclient 48550 273065 1 0 3 0x80 poll dhclient 1439 454990 0 0 2 0x14200 zerothread 45488 72604 0 0 3 0x14200 aiodoned aiodoned 72766 291348 0 0 3 0x14200 syncer update 1965 255674 0 0 3 0x14200 cleaner cleaner 16645 115809 0 0 3 0x14200 reaper reaper 60341 456031 0 0 3 0x14200 pgdaemon pagedaemon 66433 15232 0 0 3 0x14200 bored crynlk 87584 20993 0 0 3 0x14200 bored crypto 4987 457448 0 0 3 0x40014200 acpi0 acpi0 7000 209681 0 0 3 0x14200 bored softnet 45206 294025 0 0 3 0x14200 bored systqmp 51040 255567 0 0 3 0x14200 bored systq 57765 522789 0 0 3 0x40014200 bored softclock 11221 307852 0 0 3 0x40014200 idle0 78955 378064 0 0 3 0x14200 bored smr 1 493503 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9569 6369K 14627K 78643K 14489 0 0 pcb 14 11K 13K 78643K 2176 0 0 rtable 107 8K 8K 78643K 1255 0 0 ifaddr 85 17K 18K 78643K 394 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 140 0 0 iov 0 0K 32K 78643K 434 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1222 77K 77K 78643K 2652 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 33 0 0 VM map 17 4K 4K 78643K 25 0 0 sem 12 0K 0K 78643K 1003 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 1547 0 0 sigio 0 0K 0K 78643K 39 0 0 proc 50 38K 63K 78643K 750 0 0 subproc 32 2K 2K 78643K 153 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 82 0 0 in_multi 24 1K 2K 78643K 248 0 0 ether_multi 2 0K 0K 78643K 14 0 0 mrt 1 0K 0K 78643K 18 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 469 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 130 152K 154K 78643K 4763 0 0 UVM aobj 130 5K 5K 78643K 131 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 371 0 0 NDP 20 0K 1K 78643K 128 0 0 temp 227 3544K 4185K 78643K 52827 0 0 kqueue 0 0K 0K 78643K 25 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 39 0 33 1 0 1 1 0 8 0 rtpcb 80 149 0 147 1 0 1 1 0 8 0 rtentry 112 257 0 218 2 0 2 2 0 8 0 unpcb 120 1406 0 1395 6 5 1 2 0 8 0 syncache 264 12 0 12 6 6 0 1 0 8 0 tcpqe 32 105 0 105 4 4 0 1 0 8 0 tcpcb 544 912 0 908 5 4 1 2 0 8 0 ipq 40 17 0 17 5 5 0 1 0 8 0 ipqe 40 343 0 343 5 5 0 1 0 8 0 inpcb 280 4284 0 4275 21 18 3 13 0 8 2 rttmr 72 4 0 4 4 4 0 1 0 8 0 nd6 48 40 0 37 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 3 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 49 0 49 7 6 1 1 0 8 1 art_heap8 4096 21 0 19 7 4 3 3 0 8 1 art_heap4 256 1356 0 1120 29 11 18 19 0 8 0 art_table 32 1377 0 1139 3 0 3 3 0 8 0 art_node 16 255 0 220 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 29 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 1001 0 991 1 0 1 1 0 8 0 shmpl 112 129 0 1 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3813 0 2427 46 0 46 46 0 8 0 ffsino 240 3813 0 2427 83 0 83 83 0 8 0 nchpl 144 6922 0 6468 60 41 19 60 0 8 0 uvmvnodes 72 4875 0 0 89 0 89 89 0 8 0 vnodes 208 4875 0 0 257 0 257 257 0 8 0 namei 1024 22321 0 22321 3 2 1 1 0 8 1 vcpupl 1984 15 0 0 2 0 2 2 0 8 0 vmpool 520 23 0 8 2 1 1 2 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 21590 0 21590 12 11 1 7 0 8 1 plimitpl 152 180 0 173 1 0 1 1 0 8 0 sigapl 432 1697 0 1683 2 0 2 2 0 8 0 futexpl 56 65111 0 65110 3 2 1 1 0 8 0 knotepl 112 471 0 452 2 1 1 2 0 8 0 kqueuepl 104 1253 0 1251 1 0 1 1 0 8 0 pipepl 112 2136 0 2115 6 4 2 2 0 8 0 fdescpl 424 1698 0 1683 2 0 2 2 0 8 0 filepl 120 18922 0 18821 23 18 5 11 0 8 1 lockfpl 104 722 0 721 1 0 1 1 0 8 0 lockfspl 48 189 0 188 1 0 1 1 0 8 0 sessionpl 112 24 0 14 1 0 1 1 0 8 0 pgrppl 48 42 0 32 1 0 1 1 0 8 0 ucredpl 96 1772 0 1765 1 0 1 1 0 8 0 zombiepl 144 1683 0 1683 1 0 1 1 0 8 1 processpl 864 1713 0 1683 4 0 4 4 0 8 0 procpl 632 3665 0 3625 5 1 4 5 0 8 0 sosppl 128 40 0 40 7 7 0 1 0 8 0 sockpl 384 5903 0 5881 39 33 6 22 0 8 3 mcl64k 65536 647 0 647 62 61 1 33 0 8 1 mcl16k 16384 31 0 31 7 6 1 1 0 8 1 mcl12k 12288 56 0 56 5 4 1 1 0 8 1 mcl9k 9216 22 0 22 6 5 1 1 0 8 1 mcl8k 8192 96 0 96 3 2 1 1 0 8 1 mcl4k 4096 243 0 242 5 4 1 1 0 8 0 mcl2k2 2112 21 0 21 7 7 0 1 0 8 0 mcl2k 2048 72767 0 72722 18 11 7 14 0 8 1 mtagpl 80 55 0 54 2 1 1 1 0 8 0 mbufpl 256 137322 0 137251 66 56 10 25 0 8 1 bufpl 256 15947 0 8656 459 3 456 456 0 8 0 anonpl 16 250848 0 231113 156 60 96 100 0 62 12 amapchunkpl 152 9423 0 9290 42 36 6 19 0 158 0 amappl16 192 11690 0 10551 143 77 66 71 0 8 8 amappl15 184 243 0 241 3 2 1 1 0 8 0 amappl14 176 332 0 327 1 0 1 1 0 8 0 amappl13 168 180 0 178 3 2 1 1 0 8 0 amappl12 160 549 0 548 1 0 1 1 0 8 0 amappl11 152 67 0 56 1 0 1 1 0 8 0 amappl10 144 80 0 78 1 0 1 1 0 8 0 amappl9 136 807 0 798 1 0 1 1 0 8 0 amappl8 128 379 0 347 2 0 2 2 0 8 0 amappl7 120 148 0 141 1 0 1 1 0 8 0 amappl6 112 68 0 60 1 0 1 1 0 8 0 amappl5 104 766 0 755 1 0 1 1 0 8 0 amappl4 96 1553 0 1525 1 0 1 1 0 8 0 amappl3 88 753 0 747 1 0 1 1 0 8 0 amappl2 80 12640 0 12564 3 1 2 3 0 8 0 amappl1 72 40669 0 40237 26 16 10 20 0 8 0 amappl 80 4026 0 3976 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 130 0 1 3 0 3 3 0 8 0 uaddrrnd 24 1721 0 1683 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1721 0 1683 1 0 1 1 0 8 0 vmmpekpl 168 16758 0 16727 2 0 2 2 0 8 0 vmmpepl 168 214612 0 212272 213 106 107 141 0 357 3 vmsppl 272 1697 0 1683 2 1 1 2 0 8 0 pdppl 4096 3448 0 3397 8 1 7 7 0 8 0 pvpl 32 675974 0 653006 358 121 237 304 0 265 50 pmappl 200 1720 0 1691 2 0 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 762 0 168 18 0 18 18 0 8 0