panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*200224 71028 0 0x8000000 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82928c10) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1b69,ffffffff8289316d,436,ffffffff828570c7) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff8000343893f8,0,ffff800034389370,0) at rtrequest+0xb49 sys/net/route.c:1078
rtm_output(ffff800000db5100,ffff8000343894a0,ffff8000343893f8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959
route_output(fffffd807f029b00,fffffd806bd285d0) at route_output+0x6bb sys/net/rtsock.c:864
route_send(fffffd806bd285d0,fffffd807f029b00,0,0) at route_send+0x8f sys/net/rtsock.c:340
sosend(fffffd806bd285d0,0,ffff800034389658,0,0,0) at sosend+0x663
sendit(ffff80002f5362d0,3,ffff800034389750,0,ffff800034389800) at sendit+0x54c sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002f5362d0,ffff8000343898b0,ffff800034389800) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564
syscall(ffff8000343898b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8b69daacbb0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82928c10) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1b69,ffffffff8289316d,436,ffffffff828570c7) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff8000343893f8,0,ffff800034389370,0) at rtrequest+0xb49 sys/net/route.c:1078
rtm_output(ffff800000db5100,ffff8000343894a0,ffff8000343893f8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959
route_output(fffffd807f029b00,fffffd806bd285d0) at route_output+0x6bb sys/net/rtsock.c:864
route_send(fffffd806bd285d0,fffffd807f029b00,0,0) at route_send+0x8f sys/net/rtsock.c:340
sosend(fffffd806bd285d0,0,ffff800034389658,0,0,0) at sosend+0x663
sendit(ffff80002f5362d0,3,ffff800034389750,0,ffff800034389800) at sendit+0x54c sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002f5362d0,ffff8000343898b0,ffff800034389800) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564
syscall(ffff8000343898b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8b69daacbb0, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800034389180
rbx 0xffff800000e1d9a0
rdx 0xffff800000e23540
rcx 0
rax 0xffff80002f5362d0
r8 0
r9 0x8080808080808080
r10 0x246429b33348964b
r11 0xfff14cd816f1a248
r12 0
r13 0x10000 __ALIGN_SIZE+0xf000
r14 0
r15 0x1
rip 0xffffffff8151906c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff800034389170
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) tid=200224 pid=71028 tcnt=2 stat=onproc
flags process=8000000 proc=4000000
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002f5367f0,0xffff80002f536a90
process=0xffff80003780ccb0 user=0xffff800034384000, vmspace=0xfffffd806978e2c0
estcpu=36, cpticks=2, 
pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 22325 190316 71120 0 2 0x8000000 syz-executor.1 22325 393649 71120 0 3 0xc000080 fsleep syz-executor.1 71028 193776 86352 0 2 0x8000000 syz-executor.0 *71028 200224 86352 0 7 0xc000000 syz-executor.0 87054 348686 28248 0 2 0x8000000 syz-executor.4 14283 339481 91389 0 3 0x8000080 nanoslp syz-executor.7 14283 412876 91389 0 3 0xc000080 netio syz-executor.7 14283 463599 91389 0 3 0xc000080 fsleep syz-executor.7 37150 15839 47538 0 3 0x8000080 nanoslp syz-executor.6 37150 129086 47538 0 3 0xc000080 sbwait syz-executor.6 37150 510965 47538 0 3 0xc000080 fsleep syz-executor.6 22775 276387 61683 0 3 0x8000080 nanoslp syz-executor.5 22775 194982 61683 0 3 0xc000080 fifor syz-executor.5 22775 174346 61683 0 3 0xc000080 fsleep syz-executor.5 71936 119223 94489 0 3 0x8000080 nanoslp syz-executor.3 71936 11066 94489 0 3 0xc000080 netcon2 syz-executor.3 71936 223367 94489 0 3 0xc000080 fsleep syz-executor.3 47538 248014 83653 0 3 0x8000082 nanoslp syz-executor.6 91389 208598 83653 0 3 0x8000082 nanoslp syz-executor.7 86352 81256 83653 0 2 0x8000482 syz-executor.0 71120 308068 83653 0 3 0x8000082 nanoslp syz-executor.1 28248 175752 83653 0 2 0x8000002 syz-executor.4 44329 33326 0 0 3 0x14200 acct acct 61683 407750 83653 0 3 0x8000082 nanoslp syz-executor.5 89809 179882 0 0 3 0x14280 nfsidl nfsio 98034 81620 0 0 3 0x14280 nfsidl nfsio 17288 468984 0 0 3 0x14280 nfsidl nfsio 61641 253093 0 0 3 0x14280 nfsidl nfsio 46410 259304 0 0 3 0x14280 nfsidl nfsio 79324 243212 0 0 3 0x14280 nfsidl nfsio 6583 470736 0 0 3 0x14280 nfsidl nfsio 35410 29225 0 0 3 0x14280 nfsidl nfsio 41084 522679 0 0 3 0x14280 nfsidl nfsio 99791 478158 0 0 3 0x14280 nfsidl nfsio 39299 410730 0 0 3 0x14280 nfsidl nfsio 49207 392414 0 0 3 0x14280 nfsidl nfsio 41873 84274 0 0 3 0x14280 nfsidl nfsio 79794 393828 0 0 3 0x14280 nfsidl nfsio 94069 122096 0 0 3 0x14280 nfsidl nfsio 58814 9198 0 0 3 0x14280 nfsidl nfsio 53352 1655 0 0 3 
0x14280 nfsidl nfsio 33565 214445 0 0 3 0x14280 nfsidl nfsio 84705 112218 0 0 3 0x14280 nfsidl nfsio 57542 196545 0 0 3 0x14280 nfsidl nfsio 48465 213907 0 0 3 0x14200 bored sosplice 94489 98008 83653 0 3 0x8000082 nanoslp syz-executor.3 83653 505451 16277 0 3 0x1a000082 thrsleep syz-fuzzer 83653 338252 16277 0 3 0x1e000082 thrsleep syz-fuzzer 83653 408257 16277 0 3 0x1e000082 wait syz-fuzzer 83653 180905 16277 0 3 0x1e000082 wait syz-fuzzer 83653 49960 16277 0 3 0x1e000082 wait syz-fuzzer 83653 512122 16277 0 3 0x1e000082 wait syz-fuzzer 83653 414870 16277 0 3 0x1e000082 thrsleep syz-fuzzer 83653 212613 16277 0 3 0x1e000082 thrsleep syz-fuzzer 83653 351405 16277 0 3 0x1e000082 wait syz-fuzzer 83653 158031 16277 0 3 0x1e000082 thrsleep syz-fuzzer 83653 289387 16277 0 3 0x1e000082 thrsleep syz-fuzzer 83653 312449 16277 0 3 0x1e000082 wait syz-fuzzer 83653 151730 16277 0 3 0x1e000082 wait syz-fuzzer 83653 290975 16277 0 3 0x1e000082 kqread syz-fuzzer 83653 129075 16277 0 3 0x1e000082 thrsleep syz-fuzzer 16277 205840 3021 0 3 0x810008a sigsusp ksh 3021 190820 33202 0 3 0x1800009a kqread sshd 92171 513678 1 0 3 0x18100083 ttyin getty 33202 315673 1 0 3 0x18000088 kqread sshd 98837 385773 9096 73 3 0x19100090 kqread syslogd 9096 207391 1 0 3 0x18100082 sbwait syslogd 69794 468484 1 0 3 0x18100080 kqread resolvd 73426 159052 84062 77 3 0x18100092 kqread dhcpleased 95279 388708 84062 77 3 0x18100092 kqread dhcpleased 84062 367320 1 0 3 0x18000080 kqread dhcpleased 72870 315438 0 0 3 0x14200 bored smr 866 136201 0 0 2 0x14200 zerothread 835 373782 0 0 3 0x14200 aiodoned aiodoned 72439 515282 0 0 3 0x14200 syncer update 70200 154712 0 0 3 0x14200 cleaner cleaner 43970 492920 0 0 3 0x14200 reaper reaper 77195 498345 0 0 3 0x14200 pgdaemon pagedaemon 14202 367215 0 0 3 0x14200 bored viomb 31774 126146 0 0 3 0x40014200 acpi0 acpi0 57199 376606 0 0 3 0x14200 bored softnet3 53454 170744 0 0 3 0x14200 bored softnet2 88933 252895 0 0 3 0x14200 bored softnet1 90143 240885 0 0 3 
0x14200 bored softnet0 68483 47898 0 0 3 0x14200 bored systqmp 2655 433242 0 0 3 0x14200 bored systq 13588 55415 0 0 3 0x40014200 tmoslp softclock 31014 511900 0 0 3 0x40014200 idle0 1 354736 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10167 6417K 7068K 166960K 13514 0 pcb 15 12K 13K 166960K 177 0 rtable 206 8K 9K 166960K 784 0 pf 28 8K 9K 166960K 86 0 ifaddr 38 10K 11K 166960K 101 0 ifgroup 49 2K 2K 166960K 137 0 sysctl 3 0K 0K 166960K 3 0 counters 29 17K 17K 166960K 56 0 ioctlops 0 0K 2K 166960K 94 0 iov 0 0K 18K 166960K 94 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1392 87K 88K 166960K 2300 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 65 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 111 0 dirhash 12 2K 2K 166960K 45 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 69K 166960K 1399 0 sigio 0 0K 0K 166960K 36 0 proc 61 67K 83K 166960K 788 0 subproc 104 6K 6K 166960K 209 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 161 0 in_multi 77 5K 7K 166960K 216 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 580 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 326 97K 99K 166960K 14159 0 UVM aobj 104 7K 7K 166960K 111 0 pinsyscall 37 74K 100K 166960K 2742 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 74 0 NDP 10 0K 2K 166960K 69 0 temp 74 6804K 7440K 166960K 33687 0 kqueue 13 20K 26K 166960K 197 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 340 0 336 3 0 3 3 0 8 2 rtentry 112 211 0 119 4 0 4 4 0 8 1 unpcb 144 924 0 906 6 0 6 
6 0 8 5 syncache 336 15 0 15 1 0 1 1 0 8 1 tcpqe 32 289 0 289 1 0 1 1 0 8 1 tcpcb 808 432 0 423 2 0 2 2 0 8 0 arp 88 39 0 23 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 1 0 1 1 0 1 1 0 8 1 inpcb 360 1442 0 1427 8 0 8 8 0 8 6 nd6 104 49 0 31 1 0 1 1 0 8 0 pkpcb 40 10 0 9 1 0 1 1 0 8 0 kcovpl 48 16 0 8 1 0 1 1 0 8 0 ppxss 1072 12 0 12 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 842 0 458 29 0 29 29 0 8 5 art_table 32 843 0 458 4 0 4 4 0 8 0 art_node 16 209 0 126 1 0 1 1 0 8 0 sysvmsgpl 40 21 0 8 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 106 0 96 1 0 1 1 0 8 0 shmpl 112 108 0 7 3 0 3 3 0 8 0 dirhash 1024 39 0 22 3 0 3 3 0 8 0 dino2pl 256 3586 0 2073 96 0 96 96 0 8 0 ffsino 240 3586 0 2073 90 0 90 90 0 8 0 nchpl 144 5588 0 3858 66 0 66 66 0 8 0 uvmvnodes 80 4327 0 0 89 0 89 89 0 8 0 vnodes 216 4327 0 0 241 0 241 241 0 8 0 namei 1024 18210 0 18210 3 0 3 3 0 8 3 vcpupl 2048 3 0 1 1 0 1 1 0 8 0 vmpool 664 6 0 4 1 0 1 1 0 8 0 kstatmem 264 74 0 54 2 0 2 2 0 8 0 scxspl 216 25918 0 25918 8 0 8 8 1 8 8 plimitpl 152 262 0 246 1 0 1 1 0 8 0 sigapl 424 1705 0 1639 8 0 8 8 0 8 0 futexpl 64 20995 0 20990 1 0 1 1 0 8 0 knotepl 120 14152 0 14075 10 0 10 10 0 8 7 kqueuepl 184 299 0 289 1 0 1 1 0 8 0 pipepl 288 282 0 256 3 0 3 3 0 8 0 fdescpl 432 1667 0 1639 4 0 4 4 0 8 0 filepl 120 9226 0 8981 15 0 15 15 0 8 6 lockfpl 104 379 0 377 1 0 1 1 0 8 0 lockfspl 48 159 0 157 1 0 1 1 0 8 0 sessionpl 144 31 0 15 1 0 1 1 0 8 0 pgrppl 48 43 0 27 1 0 1 1 0 8 0 ucredpl 104 1221 0 1211 1 0 1 1 0 8 0 zombiepl 144 1640 0 1639 1 0 1 1 0 8 0 processpl 1072 1705 0 1639 5 0 5 5 0 8 0 procpl 656 3184 0 3094 9 0 9 9 0 8 0 sosppl 168 34 0 32 1 0 1 1 0 8 0 sockpl 488 2729 0 2692 32 19 13 30 0 8 8 mcl64k 65536 42 0 41 1 0 1 1 0 8 0 mcl16k 16384 41 0 41 1 0 1 1 0 8 1 mcl12k 12288 57 0 57 1 0 1 1 0 8 1 mcl9k 9216 11 0 11 1 0 1 1 0 8 1 mcl8k 8192 118 0 118 1 0 1 1 0 8 1 mcl4k 4096 219 0 219 1 0 1 1 0 8 1 mcl2k2 2112 15 0 15 1 0 1 1 0 8 1 mcl2k 2048 25108 0 25058 53 39 14 51 0 
8 6 mtagpl 96 217 0 151 3 0 3 3 0 8 1 mbufpl 256 58500 0 58270 140 107 33 68 0 8 8 bufpl 280 8189 0 1862 453 0 453 453 0 8 0 anonpl 24 350488 0 344830 84 0 84 84 0 188 30 amapchunkpl 152 46781 0 46067 54 0 54 54 0 158 24 amappl16 200 8667 0 8560 43 25 18 31 0 8 8 amappl15 192 13 0 13 1 0 1 1 0 8 1 amappl14 184 177 0 165 2 0 2 2 0 8 1 amappl13 176 14 0 14 1 0 1 1 0 8 1 amappl12 168 2420 0 2391 2 0 2 2 0 8 0 amappl11 160 54 0 43 1 0 1 1 0 8 0 amappl10 152 53 0 43 1 0 1 1 0 8 0 amappl9 144 220 0 219 1 0 1 1 0 8 0 amappl8 136 230 0 168 3 0 3 3 0 8 0 amappl7 128 87 0 76 1 0 1 1 0 8 0 amappl6 120 471 0 452 2 0 2 2 0 8 1 amappl5 112 208 0 196 1 0 1 1 0 8 0 amappl4 104 592 0 559 2 0 2 2 0 8 0 amappl3 96 9359 0 9272 3 0 3 3 0 8 0 amappl2 88 2190 0 2114 3 0 3 3 0 8 1 amappl1 80 14664 0 14163 22 2 20 22 0 8 8 amappl 88 13425 0 13213 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 110 0 7 2 0 2 2 0 8 0 uaddrrnd 24 1673 0 1643 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1673 0 1643 1 0 1 1 0 8 0 vmmpekpl 168 15841 0 15775 4 0 4 4 0 8 0 vmmpepl 168 121073 0 119128 111 0 111 111 0 357 18 vmsppl 344 1672 0 1643 3 0 3 3 0 8 0 rwobjpl 24 40944 0 35405 35 0 35 35 0 8 0 pdppl 4096 3352 0 3288 165 101 64 67 0 8 0 pvpl 32 818727 0 806658 358 21 337 358 0 265 212 pmappl 216 1672 0 1643 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 594 0 247 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82928c10) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e1b69,ffffffff8289316d,436,ffffffff828570c7) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000343893f8,0,ffff800034389370,0) at rtrequest+0xb49 sys/net/route.c:1078 
rtm_output(ffff800000db5100,ffff8000343894a0,ffff8000343893f8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959
route_output(fffffd807f029b00,fffffd806bd285d0) at route_output+0x6bb sys/net/rtsock.c:864
route_send(fffffd806bd285d0,fffffd807f029b00,0,0) at route_send+0x8f sys/net/rtsock.c:340
sosend(fffffd806bd285d0,0,ffff800034389658,0,0,0) at sosend+0x663
sendit(ffff80002f5362d0,3,ffff800034389750,0,ffff800034389800) at sendit+0x54c sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002f5362d0,ffff8000343898b0,ffff800034389800) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564
syscall(ffff8000343898b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8b69daacbb0, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82928c10) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1b69,ffffffff8289316d,436,ffffffff828570c7) at __assert+0x29 sys/kern/subr_prf.c:157
rtrequest(1,ffff8000343893f8,0,ffff800034389370,0) at rtrequest+0xb49 sys/net/route.c:1078
rtm_output(ffff800000db5100,ffff8000343894a0,ffff8000343893f8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959
route_output(fffffd807f029b00,fffffd806bd285d0) at route_output+0x6bb sys/net/rtsock.c:864
route_send(fffffd806bd285d0,fffffd807f029b00,0,0) at route_send+0x8f sys/net/rtsock.c:340
sosend(fffffd806bd285d0,0,ffff800034389658,0,0,0) at sosend+0x663
sendit(ffff80002f5362d0,3,ffff800034389750,0,ffff800034389800) at sendit+0x54c sys/kern/uipc_syscalls.c:786
sys_sendto(ffff80002f5362d0,ffff8000343898b0,ffff800034389800) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564
syscall(ffff8000343898b0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8b69daacbb0, count: -12