panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 951 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 116831 49968 0 0 0 0 syz-executor.0 *493682 49968 0 0 0x4000000 1K syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82206f14,ffffffff821d163f,3b7,ffffffff821e790a) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff800021bc32c8,4,ffff800021bc3398,0) at rtrequest+0xbf1 sys/net/route.c:951 rt_ifa_add(ffff800000b36100,840100,ffff800000b36158,0) at rt_ifa_add+0x290 sys/net/route.c:1133 in_ifinit(ffff800000a44800,ffff800000b36100,ffff800021bc36a0,1) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:717 [inline] in_ifinit(ffff800000a44800,ffff800000b36100,ffff800021bc36a0,1) at in_ifinit+0x37a sys/netinet/in.c:648 in_ioctl_change_ifaddr(8040691a,ffff800021bc3690,ffff800000a44800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452 in_ioctl(8040691a,ffff800021bc3690,ffff800000a44800,1) at in_ioctl+0x205 sys/netinet/in.c:234 ifioctl(fffffd806f6cc480,8040691a,ffff800021bc3690,ffff800020a5f3c8) at ifioctl+0xb64 sys/net/if.c:2202 sys_ioctl(ffff800020a5f3c8,ffff800021bc37a8,ffff800021bc37f0) at sys_ioctl+0x5b9 syscall(ffff800021bc3870) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800021bc3870) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,188b64dc010) at Xsyscall+0x128 end of kernel end trace frame: 0x18b68ae7750, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 951 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82206f14,ffffffff821d163f,3b7,ffffffff821e790a) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff800021bc32c8,4,ffff800021bc3398,0) at rtrequest+0xbf1 sys/net/route.c:951 rt_ifa_add(ffff800000b36100,840100,ffff800000b36158,0) at rt_ifa_add+0x290 sys/net/route.c:1133 in_ifinit(ffff800000a44800,ffff800000b36100,ffff800021bc36a0,1) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:717 [inline] in_ifinit(ffff800000a44800,ffff800000b36100,ffff800021bc36a0,1) at in_ifinit+0x37a sys/netinet/in.c:648 in_ioctl_change_ifaddr(8040691a,ffff800021bc3690,ffff800000a44800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452 in_ioctl(8040691a,ffff800021bc3690,ffff800000a44800,1) at in_ioctl+0x205 sys/netinet/in.c:234 ifioctl(fffffd806f6cc480,8040691a,ffff800021bc3690,ffff800020a5f3c8) at ifioctl+0xb64 sys/net/if.c:2202 sys_ioctl(ffff800020a5f3c8,ffff800021bc37a8,ffff800021bc37f0) at sys_ioctl+0x5b9 syscall(ffff800021bc3870) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800021bc3870) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,188b64dc010) at Xsyscall+0x128 end of kernel end trace frame: 0x18b68ae7750, count: -12 ddb{1}> show registers rdi 0xffffffff81807637 db_enter+0x17 rsi 0x3eec __ALIGN_SIZE+0x2eec rbp 0xffff800021bc30e0 rbx 0xffff800021bc3190 rdx 0x3eed __ALIGN_SIZE+0x2eed rcx 0xffff800021552000 rax 0xffff800021552000 r8 0xffffffff8142986f kprintf+0x16f r9 0x1 r10 0x25 r11 0x2efd97c2b63bb56 r12 0x3000000008 r13 0xffff800021bc30f0 r14 0x100 r15 0x1 rip 0xffffffff81807638 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021bc30d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.0) pid=493682 stat=onproc flags process=0 proc=4000000 pri=80, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff800020a5f8b8,0xffffffff82642bb0 process=0xffff800020a8b190 user=0xffff800021bbe000, vmspace=0xfffffd807f00bcf0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 49968 116831 78424 0 7 0 syz-executor.0 *49968 493682 78424 0 7 0x4000000 syz-executor.0 74938 482098 27599 0 3 0x80 nanosleep syz-executor.1 74938 467491 27599 0 3 0x4000080 netcon syz-executor.1 74938 519763 27599 0 3 0x4000080 fsleep syz-executor.1 78424 218368 68628 0 3 0x82 nanosleep syz-executor.0 27599 46341 68628 0 3 0x82 nanosleep syz-executor.1 28048 392305 0 0 3 0x14200 acct acct 85333 299020 1 0 3 0x100083 ttyin getty 22364 217268 0 0 3 0x14200 bored sosplice 68628 113877 72222 0 3 0x82 thrsleep syz-fuzzer 68628 111122 72222 0 3 0x4000082 nanosleep syz-fuzzer 68628 486097 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 411061 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 253426 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 146583 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 380312 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 188476 72222 0 3 0x4000082 thrsleep syz-fuzzer 68628 508797 72222 0 3 0x4000082 kqread syz-fuzzer 68628 88301 72222 0 3 0x4000082 thrsleep syz-fuzzer 72222 203050 78754 0 3 0x10008a pause ksh 78754 494196 58229 0 3 0x92 select sshd 58229 465184 1 0 3 0x80 select sshd 84812 508317 93857 74 3 0x100092 bpf pflogd 93857 241590 1 0 3 0x80 netio pflogd 78744 338028 2934 73 3 0x100090 kqread syslogd 2934 423301 1 0 3 0x100082 netio syslogd 57168 521031 0 0 3 0x14200 pgzero zerothread 23730 314070 0 0 3 0x14200 aiodoned aiodoned 35967 199184 0 0 3 0x14200 syncer update 18992 431637 0 0 3 0x14200 cleaner cleaner 25473 152481 0 0 3 0x14200 reaper reaper 75741 317146 0 0 3 0x14200 pgdaemon pagedaemon 88113 27176 0 0 3 0x14200 bored crynlk 93106 496399 0 0 3 0x14200 bored crypto 27696 249915 0 0 3 0x40014200 acpi0 acpi0 8776 296916 0 0 3 0x40014200 idle1 95244 384060 0 0 3 0x14200 bored softnet 83292 127142 0 0 3 0x14200 bored systqmp 56407 296321 0 0 3 0x14200 bored systq 9278 54478 0 0 3 0x40014200 bored softclock 63918 371217 0 0 3 0x40014200 idle0 52691 27770 0 0 3 0x14200 bored smr 1 280471 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 49968 (syz-executor.0) thread 0xffff800020a5f3c8 (493682) exclusive rwlock netlock r = 0 (0xffffffff824b42d8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 in_ioctl_change_ifaddr+0x3f #2 in_ioctl+0x205 sys/netinet/in.c:234 #3 ifioctl+0xb64 sys/net/if.c:2202 #4 sys_ioctl+0x5b9 #5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff826329b0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9598 7180K 8224K 78643K 21913 0 0 pcb 13 12K 14K 78643K 897 0 0 rtable 109 13K 15K 78643K 3531 0 0 ifaddr 90 24K 28K 78643K 1151 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1741 0 0 iov 0 0K 24K 78643K 950 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1232 77K 79K 78643K 6305 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 57 0 0 VM map 38 19K 19K 78643K 69 0 0 sem 11 1K 1K 78643K 13 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 5652 0 0 sigio 0 0K 0K 78643K 65 0 0 proc 57 51K 95K 78643K 2551 0 0 subproc 32 2K 2K 78643K 665 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 380 0 0 in_multi 26 1K 2K 78643K 817 0 0 ether_multi 1 0K 0K 78643K 73 0 0 mrt 1 0K 0K 78643K 26 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 90 397K 397K 78643K 90 0 0 exec 0 0K 1K 78643K 1223 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 203 398K 398K 78643K 20874 0 0 UVM aobj 130 8K 8K 78643K 143 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 965 0 0 NDP 21 0K 1K 78643K 381 0 0 temp 235 3561K 4201K 78643K 141647 0 0 kqueue 0 0K 0K 78643K 47 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 132 0 128 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 430 0 430 10 9 1 1 0 8 1 rtentry 112 715 0 678 2 0 2 2 0 8 0 unpcb 120 2293 0 2285 3 2 1 2 0 8 0 syncache 264 25 0 25 12 11 1 1 0 8 1 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 28 0 28 9 8 1 1 0 8 1 tcpcb 544 2504 0 2496 49 47 2 14 0 8 1 inpcb 280 6818 0 6810 78 76 2 13 0 8 1 rttmr 72 9 0 9 4 4 0 1 0 8 0 ip6q 72 7 0 7 5 5 0 1 0 8 0 ip6af 40 20 0 20 5 5 0 1 0 8 0 nd6 48 111 0 109 2 1 1 1 0 8 0 pkpcb 40 18 0 18 8 8 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 148 0 148 26 25 1 1 0 8 1 pffrag 232 115 0 115 26 25 1 1 0 482 1 pffrnode 88 115 0 115 26 25 1 1 0 8 1 pffrent 40 2223 0 2223 26 25 1 1 0 8 1 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfstitem 24 494 0 427 1 0 1 1 0 8 0 pfstkey 112 495 0 428 4 2 2 3 0 8 0 pfstate 328 495 0 427 11 5 6 7 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 14 0 13 12 11 1 3 0 8 0 art_heap4 256 3117 0 2910 43 27 16 16 0 8 2 art_table 32 3131 0 2923 4 2 2 3 0 8 0 art_node 16 713 0 680 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 21 1 0 1 1 0 8 0 semapl 112 11 0 2 1 0 1 1 0 8 0 shmpl 112 141 0 13 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 10771 0 9349 47 0 47 47 0 8 0 ffsino 272 10771 0 9349 96 0 96 96 0 8 0 nchpl 144 21396 0 19759 62 1 61 61 0 8 0 uvmvnodes 72 6186 0 0 113 0 113 113 0 8 0 vnodes 208 6186 0 0 326 0 326 326 0 8 0 namei 1024 77726 0 77726 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 36 0 0 5 0 5 5 0 8 0 vmpool 552 67 0 31 4 1 3 3 0 8 0 scsiplug 64 9 0 9 7 6 1 1 0 8 1 scxspl 192 60858 0 60858 44 41 3 7 0 8 3 plimitpl 152 418 0 411 1 0 1 1 0 8 0 sigapl 432 5742 0 5728 3 1 2 3 0 8 0 futexpl 56 107511 0 107510 2 1 1 1 0 8 0 knotepl 112 2100 0 2081 4 3 1 2 0 8 0 kqueuepl 104 2316 0 2314 10 9 1 4 0 8 0 pipepl 112 3852 0 3833 10 8 2 2 0 8 1 fdescpl 488 5743 0 5728 3 0 3 3 0 8 0 filepl 152 54088 0 53994 65 59 6 14 0 8 1 lockfpl 104 2406 0 2406 3 2 1 1 0 8 1 lockfspl 48 689 0 689 3 2 1 1 0 8 1 sessionpl 112 56 0 47 1 0 1 1 0 8 0 pgrppl 48 141 0 132 1 0 1 1 0 8 0 ucredpl 96 6788 0 6780 1 0 1 1 0 8 0 zombiepl 144 5730 0 5730 2 1 1 1 0 8 1 processpl 896 5762 0 5730 4 0 4 4 0 8 0 procpl 632 18149 0 18105 19 15 4 5 0 8 0 srpgc 64 52 0 52 18 17 1 1 0 8 1 sosppl 128 63 0 63 19 19 0 1 0 8 0 sockpl 384 9605 0 9589 113 109 4 22 0 8 2 mcl64k 65536 290 0 0 34 0 34 34 0 8 0 mcl16k 16384 21 0 0 3 1 2 3 0 8 0 mcl12k 12288 28 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 33 0 0 4 1 3 3 0 8 0 mcl2k2 2112 10 0 0 1 0 1 1 0 8 0 mcl2k 2048 150 0 0 17 0 17 17 0 8 0 mtagpl 80 62 0 0 1 0 1 1 0 8 0 mbufpl 256 976 0 0 28 1 27 28 0 8 0 bufpl 256 27802 0 20754 441 0 441 441 0 8 0 anonpl 16 690154 0 670690 277 182 95 99 0 124 11 amapchunkpl 152 40901 0 40741 66 56 10 20 0 158 0 amappl16 192 31147 0 30018 309 245 64 69 0 8 7 amappl15 184 1251 0 1247 5 4 1 1 0 8 0 amappl14 176 1278 0 1277 1 0 1 1 0 8 0 amappl13 168 629 0 627 8 7 1 1 0 8 0 amappl12 160 622 0 621 1 0 1 1 0 8 0 amappl11 152 160 0 152 1 0 1 1 0 8 0 amappl10 144 767 0 762 1 0 1 1 0 8 0 amappl9 136 2266 0 2259 1 0 1 1 0 8 0 amappl8 128 1785 0 1740 2 0 2 2 0 8 0 amappl7 120 941 0 930 1 0 1 1 0 8 0 amappl6 112 118 0 101 1 0 1 1 0 8 0 amappl5 104 1041 0 1030 1 0 1 1 0 8 0 amappl4 96 6174 0 6139 1 0 1 1 0 8 0 amappl3 88 1135 0 1122 1 0 1 1 0 8 0 amappl2 80 43486 0 43406 3 1 2 3 0 8 0 amappl1 72 139312 0 138885 26 16 10 20 0 8 0 amappl 80 19119 0 19043 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 142 0 13 3 0 3 3 0 8 0 uaddrrnd 24 5810 0 5728 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5810 0 5728 1 0 1 1 0 8 0 vmmpekpl 168 50995 0 50952 3 0 3 3 0 8 0 vmmpepl 168 738720 0 736304 513 372 141 149 0 357 28 vmsppl 368 5742 0 5728 2 0 2 2 0 8 0 pdppl 4096 11627 0 11554 13 3 10 10 0 8 0 pvpl 32 1825240 0 1804352 539 331 208 220 0 265 28 pmappl 232 5809 0 5759 4 1 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 754 0 95 19 0 19 19 0 8 0