panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *384143 46524 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821df48c,ffffffff821b3f62,3b7,ffffffff821c44c2) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff8000159420f8,38,ffff800015942068,0) at rtrequest+0xbf1 sys/net/route.c:951 rtm_output(ffff800000b51a00,ffff8000159421a0,ffff8000159420f8,38,0) at rtm_output+0x62f sys/net/rtsock.c:901 route_output(fffffd8038e43f00,fffffd803ca22600,0,0) at route_output+0x7d9 sys/net/rtsock.c:819 route_usrreq(fffffd803ca22600,9,fffffd8038e43f00,0,0,ffff800014916c70) at route_usrreq+0x363 sys/net/rtsock.c:275 sosend(fffffd803ca22600,0,ffff8000159423a0,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524 sendit(ffff800014916c70,3,ffff800015942480,0,ffff800015942560) at sendit+0x52b sys/kern/uipc_syscalls.c:662 sys_sendto(ffff800014916c70,ffff800015942518,ffff800015942560) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527 syscall(ffff8000159425e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(0,0,ffffffffffffffd8,0,6,d6b692b7010) at Xsyscall+0x128 end of kernel end trace frame: 0xd6dc6703760, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821df48c,ffffffff821b3f62,3b7,ffffffff821c44c2) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff8000159420f8,38,ffff800015942068,0) at rtrequest+0xbf1 sys/net/route.c:951 rtm_output(ffff800000b51a00,ffff8000159421a0,ffff8000159420f8,38,0) at rtm_output+0x62f sys/net/rtsock.c:901 route_output(fffffd8038e43f00,fffffd803ca22600,0,0) at route_output+0x7d9 sys/net/rtsock.c:819 route_usrreq(fffffd803ca22600,9,fffffd8038e43f00,0,0,ffff800014916c70) at route_usrreq+0x363 sys/net/rtsock.c:275 sosend(fffffd803ca22600,0,ffff8000159423a0,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524 sendit(ffff800014916c70,3,ffff800015942480,0,ffff800015942560) at sendit+0x52b sys/kern/uipc_syscalls.c:662 sys_sendto(ffff800014916c70,ffff800015942518,ffff800015942560) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527 syscall(ffff8000159425e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(0,0,ffffffffffffffd8,0,6,d6b692b7010) at Xsyscall+0x128 end of kernel end trace frame: 0xd6dc6703760, count: -12 ddb> show registers rdi 0xffffffff81c2cf37 db_enter+0x17 rsi 0x4085 __ALIGN_SIZE+0x3085 rbp 0xffff800015941e70 rbx 0xffff800015941f20 rdx 0x4086 __ALIGN_SIZE+0x3086 rcx 0xffff80001553d000 rax 0xffff80001553d000 r8 0xffff800015941e30 r9 0x1 r10 0xffff800000ae0680 r11 0x66a12a57fab88cfe r12 0x3000000008 r13 0xffff800015941e80 r14 0x100 r15 0x1 rip 0xffffffff81c2cf38 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800015941e60 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=384143 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800014917b40,0xffffffff8259a688 process=0xffff8000ffff66d0 user=0xffff80001593d000, vmspace=0xfffffd803f014330 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 46524 97900 92374 0 2 0 syz-executor.1 *46524 384143 92374 0 7 0x4000000 syz-executor.1 92374 104270 90495 0 3 0x82 nanosleep syz-executor.1 64692 378065 90495 0 2 0x2 syz-executor.0 84622 184530 0 0 3 0x14200 acct acct 70843 4935 1 0 3 0x100083 ttyin getty 61935 180604 0 0 3 0x14200 bored sosplice 90495 360741 34966 0 3 0x82 thrsleep syz-fuzzer 90495 231982 34966 0 3 0x4000082 thrsleep syz-fuzzer 90495 255528 34966 0 3 0x4000082 thrsleep syz-fuzzer 90495 478362 34966 0 3 0x4000082 thrsleep syz-fuzzer 90495 229633 34966 0 3 0x4000082 kqread syz-fuzzer 90495 125094 34966 0 3 0x4000082 thrsleep syz-fuzzer 90495 148078 34966 0 3 0x4000082 thrsleep syz-fuzzer 90495 349140 34966 0 3 0x4000082 thrsleep syz-fuzzer 34966 58881 65553 0 3 0x10008a pause ksh 65553 290658 26645 0 3 0x92 select sshd 26645 167582 1 0 3 0x80 select sshd 62605 418818 25311 73 3 0x100090 kqread syslogd 25311 463180 1 0 3 0x100082 netio syslogd 19672 83947 0 0 2 0x14200 zerothread 49668 412411 0 0 3 0x14200 aiodoned aiodoned 92936 485464 0 0 3 0x14200 syncer update 3087 92792 0 0 3 0x14200 cleaner cleaner 75508 28860 0 0 3 0x14200 reaper reaper 10636 197208 0 0 3 0x14200 pgdaemon pagedaemon 25458 71659 0 0 3 0x14200 bored crynlk 81748 390952 0 0 3 0x14200 bored crypto 69956 53564 0 0 3 0x40014200 acpi0 acpi0 10486 313926 0 0 3 0x14200 bored softnet 28692 277423 0 0 3 0x14200 bored systqmp 14800 306466 0 0 3 0x14200 bored systq 64190 390555 0 0 3 0x40014200 bored softclock 17081 31555 0 0 3 0x40014200 idle0 66571 217454 0 0 3 0x14200 bored smr 1 433302 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9597 6322K 8020K 78643K 33322 0 0 pcb 13 12K 14K 78643K 2039 0 0 rtable 145 14K 14K 78643K 4911 0 0 ifaddr 94 25K 28K 78643K 1642 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 781 0 0 iov 0 0K 32K 78643K 1541 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1217 76K 78K 78643K 15546 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 232 0 0 VM map 2 0K 0K 78643K 34 0 0 sem 12 0K 1K 78643K 4855 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 14684 0 0 sigio 0 0K 0K 78643K 159 0 0 proc 45 30K 63K 78643K 3359 0 0 subproc 32 2K 2K 78643K 773 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1496 0 0 in_multi 36 2K 2K 78643K 987 0 0 ether_multi 1 0K 0K 78643K 71 0 0 mrt 2 0K 0K 78643K 55 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 204 901K 901K 78643K 204 0 0 exec 0 0K 1K 78643K 2095 0 0 pfkey data 0 0K 4K 78643K 6 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 107 22K 32K 78643K 35914 0 0 UVM aobj 130 4K 4K 78643K 146 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 1981 0 0 NDP 23 0K 0K 78643K 499 0 0 temp 233 3537K 4177K 78643K 235751 0 0 kqueue 0 0K 0K 78643K 117 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 99 0 93 1 0 1 1 0 8 0 rtpcb 80 1107 0 1106 4 3 1 1 0 8 0 rtentry 112 705 0 653 2 0 2 2 0 8 0 unpcb 120 8025 0 7996 23 21 2 2 0 8 0 syncache 264 34 0 34 17 16 1 1 0 8 1 sackhl 24 11 0 11 9 9 0 1 0 8 0 tcpqe 32 6661 0 6661 8 8 0 2 0 8 0 tcpcb 544 13169 0 13165 49 48 1 16 0 8 0 ipq 40 20 0 20 12 12 0 1 0 8 0 ipqe 40 49 0 49 12 12 0 1 0 8 0 inpcb 280 20979 0 20972 54 52 2 13 0 8 1 rttmr 72 7 0 7 5 5 0 1 0 8 0 nd6 48 91 0 87 3 2 1 1 0 8 0 pkpcb 40 96 0 96 28 28 0 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1128 257 0 257 50 50 0 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 2364 0 2107 33 16 17 18 0 8 0 art_table 32 2366 0 2108 4 1 3 3 0 8 0 art_node 16 540 0 495 1 0 1 1 0 8 0 sysvmsgpl 40 60 0 39 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 4853 0 4843 1 0 1 1 0 8 0 shmpl 112 144 0 16 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 28210 0 26780 47 0 47 47 0 8 0 ffsino 240 28210 0 26780 85 0 85 85 0 8 0 nchpl 144 49685 0 48024 62 0 62 62 0 8 0 uvmvnodes 72 9068 0 0 165 0 165 165 0 8 0 vnodes 208 9068 0 0 478 0 478 478 0 8 0 namei 1024 204145 0 204145 5 4 1 1 0 8 1 vmpool 520 32 0 32 12 12 0 1 0 8 0 scsiplug 64 37 0 37 26 26 0 1 0 8 0 scxspl 192 135955 0 135955 51 50 1 7 0 8 1 plimitpl 152 1283 0 1277 1 0 1 1 0 8 0 sigapl 432 14737 0 14726 2 0 2 2 0 8 0 futexpl 56 371249 0 371249 3 2 1 1 0 8 1 knotepl 112 3553 0 3534 11 9 2 3 0 8 1 kqueuepl 104 4296 0 4294 7 6 1 4 0 8 0 pipepl 112 10488 0 10469 25 23 2 2 0 8 1 fdescpl 424 14738 0 14726 2 0 2 2 0 8 0 filepl 120 153602 0 153517 86 81 5 11 0 8 1 lockfpl 104 4825 0 4825 1 0 1 1 0 8 1 lockfspl 48 1568 0 1568 1 0 1 1 0 8 1 sessionpl 112 71 0 63 1 0 1 1 0 8 0 pgrppl 48 193 0 185 1 0 1 1 0 8 0 ucredpl 96 53890 0 53884 1 0 1 1 0 8 0 zombiepl 144 14730 0 14730 3 2 1 1 0 8 1 processpl 864 14758 0 14730 4 0 4 4 0 8 0 procpl 632 32919 0 32883 7 3 4 5 0 8 0 sosppl 128 252 0 252 49 49 0 1 0 8 0 sockpl 384 30396 0 30362 111 105 6 23 0 8 1 mcl64k 65536 495 0 495 48 47 1 1 0 8 1 mcl16k 16384 102 0 102 51 51 0 1 0 8 0 mcl12k 12288 283 0 283 45 44 1 1 0 8 1 mcl9k 9216 168 0 168 45 44 1 1 0 8 1 mcl8k 8192 457 0 457 29 28 1 1 0 8 1 mcl4k 4096 1351 0 1351 7 6 1 1 0 8 1 mcl2k2 2112 110 0 110 51 50 1 1 0 8 1 mcl2k 2048 73429 0 73387 58 51 7 24 0 8 1 mtagpl 80 1106 0 1106 10 10 0 5 0 8 0 mbufpl 256 205525 0 205420 75 63 12 34 0 8 0 bufpl 256 44621 0 35549 568 0 568 568 0 8 0 anonpl 16 1369249 0 1356705 394 316 78 86 0 62 12 amapchunkpl 152 66389 0 66285 161 155 6 19 0 158 0 amappl16 192 75988 0 75117 436 384 52 57 0 8 8 amappl15 184 3375 0 3375 11 11 0 1 0 8 0 amappl14 176 3202 0 3199 2 1 1 1 0 8 0 amappl13 168 2162 0 2161 6 5 1 1 0 8 0 amappl12 160 903 0 901 1 0 1 1 0 8 0 amappl11 152 2304 0 2298 1 0 1 1 0 8 0 amappl10 144 1129 0 1128 3 2 1 1 0 8 0 amappl9 136 2624 0 2616 1 0 1 1 0 8 0 amappl8 128 2228 0 2190 4 2 2 2 0 8 0 amappl7 120 1339 0 1332 1 0 1 1 0 8 0 amappl6 112 2191 0 2179 1 0 1 1 0 8 0 amappl5 104 1442 0 1435 1 0 1 1 0 8 0 amappl4 96 14969 0 14944 1 0 1 1 0 8 0 amappl3 88 4404 0 4398 1 0 1 1 0 8 0 amappl2 80 117617 0 117553 4 2 2 3 0 8 0 amappl1 72 271252 0 270872 28 19 9 20 0 8 0 amappl 80 33912 0 33878 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 145 0 16 3 0 3 3 0 8 0 uaddrrnd 24 14770 0 14726 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 14770 0 14726 1 0 1 1 0 8 0 vmmpekpl 168 90994 0 90964 2 0 2 2 0 8 0 vmmpepl 168 1722371 0 1720514 808 693 115 126 0 357 24 vmsppl 272 14737 0 14726 6 5 1 2 0 8 0 pdppl 4096 29546 0 29516 6 1 5 6 0 8 0 pvpl 32 3997724 0 3982151 1026 839 187 289 0 265 33 pmappl 200 14769 0 14758 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1027 0 323 21 0 21 21 0 8 0