panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 26372 24263 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e45c9,ffffffff821b3c5d,3b7,ffffffff821c3e15) at __assert+0x2b sys/kern/subr_prf.c:154
rtrequest(1,ffff8000171e5718,4,ffff8000171e57e8,0) at rtrequest+0xbf1 sys/net/route.c:951
rt_ifa_add(ffff800000c30e00,840100,ffff800000c30e58,0) at rt_ifa_add+0x290 sys/net/route.c:1133
in_ifinit(ffff800000b89800,ffff800000c30e00,ffff8000171e5af0,0) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:717 [inline]
in_ifinit(ffff800000b89800,ffff800000c30e00,ffff8000171e5af0,0) at in_ifinit+0x37a sys/netinet/in.c:648
in_ioctl_change_ifaddr(8040691a,ffff8000171e5ae0,ffff800000b89800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452
in_ioctl(8040691a,ffff8000171e5ae0,ffff800000b89800,1) at in_ioctl+0x205 sys/netinet/in.c:234
ifioctl(fffffd802713eaa8,8040691a,ffff8000171e5ae0,ffff800015934780) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff800015934780,ffff8000171e5bf8,ffff8000171e5c40) at sys_ioctl+0x5b9
syscall(ffff8000171e5cc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,d0d135d2010) at Xsyscall+0x128
end of kernel
end trace frame: 0xd0f239b2990, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e45c9,ffffffff821b3c5d,3b7,ffffffff821c3e15) at __assert+0x2b sys/kern/subr_prf.c:154
rtrequest(1,ffff8000171e5718,4,ffff8000171e57e8,0) at rtrequest+0xbf1 sys/net/route.c:951
rt_ifa_add(ffff800000c30e00,840100,ffff800000c30e58,0) at rt_ifa_add+0x290 sys/net/route.c:1133
in_ifinit(ffff800000b89800,ffff800000c30e00,ffff8000171e5af0,0) at in_ifinit+0x37a in_insert_prefix sys/netinet/in.c:717 [inline]
in_ifinit(ffff800000b89800,ffff800000c30e00,ffff8000171e5af0,0) at in_ifinit+0x37a sys/netinet/in.c:648
in_ioctl_change_ifaddr(8040691a,ffff8000171e5ae0,ffff800000b89800,1) at in_ioctl_change_ifaddr+0x5de sys/netinet/in.c:452
in_ioctl(8040691a,ffff8000171e5ae0,ffff800000b89800,1) at in_ioctl+0x205 sys/netinet/in.c:234
ifioctl(fffffd802713eaa8,8040691a,ffff8000171e5ae0,ffff800015934780) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff800015934780,ffff8000171e5bf8,ffff8000171e5c40) at sys_ioctl+0x5b9
syscall(ffff8000171e5cc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,d0d135d2010) at Xsyscall+0x128
end of kernel
end trace frame: 0xd0f239b2990, count: -12
ddb> show registers
rdi 0xffffffff815a86b7 db_enter+0x17
rsi 0x40cb __ALIGN_SIZE+0x30cb
rbp 0xffff8000171e5530
rbx 0xffff8000171e55e0
rdx 0x40cc __ALIGN_SIZE+0x30cc
rcx 0xffff800016ba4000
rax 0xffff800016ba4000
r8 0xffff8000171e54f0
r9 0x1
r10 0xffff800000a5e9c0
r11 0x9cecf9d8eb327fd8
r12 0x3000000008
r13 0xffff8000171e5540
r14 0x100
r15 0x1
rip 0xffffffff815a86b8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000171e5520
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=26372 stat=onproc
flags process=0 proc=4000000
pri=80, usrpri=80,
nice=20 forw=0xffffffffffffffff, list=0xffff800015934508,0xffff8000159353e8 process=0xffff8000148a30f8 user=0xffff8000171e0000, vmspace=0xfffffd803f014660 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 24263 11674 93592 0 2 0 syz-executor.1 *24263 26372 93592 0 7 0x4000000 syz-executor.1 24263 494616 93592 0 3 0x4000080 fsleep syz-executor.1 93592 113620 84581 0 3 0x82 nanosleep syz-executor.1 93775 474272 84581 0 2 0x2 syz-executor.0 17935 145101 0 0 3 0x14200 acct acct 89925 372638 1 0 3 0x100083 ttyin getty 651 243237 0 0 3 0x14200 bored sosplice 84581 523710 99971 0 3 0x82 thrsleep syz-fuzzer 84581 76214 99971 0 3 0x4000082 nanosleep syz-fuzzer 84581 344445 99971 0 3 0x4000082 thrsleep syz-fuzzer 84581 18671 99971 0 3 0x4000082 thrsleep syz-fuzzer 84581 163232 99971 0 3 0x4000082 thrsleep syz-fuzzer 84581 44622 99971 0 3 0x4000082 thrsleep syz-fuzzer 84581 131605 99971 0 3 0x4000082 thrsleep syz-fuzzer 84581 89818 99971 0 3 0x4000082 kqread syz-fuzzer 99971 176619 30565 0 3 0x10008a pause ksh 30565 405691 44784 0 3 0x92 select sshd 44784 114848 1 0 3 0x80 select sshd 64609 217137 60456 73 3 0x100090 kqread syslogd 60456 8342 1 0 3 0x100082 netio syslogd 10740 470282 1 77 3 0x100090 poll dhclient 326 334821 1 0 3 0x80 poll dhclient 72953 20260 0 0 2 0x14200 zerothread 54306 509568 0 0 3 0x14200 aiodoned aiodoned 59121 221895 0 0 3 0x14200 syncer update 34598 192950 0 0 3 0x14200 cleaner cleaner 9520 234026 0 0 3 0x14200 reaper reaper 48479 231249 0 0 3 0x14200 pgdaemon pagedaemon 70480 336174 0 0 3 0x14200 bored crynlk 82925 134773 0 0 3 0x14200 bored crypto 93348 348339 0 0 3 0x40014200 acpi0 acpi0 8685 375480 0 0 3 0x14200 bored softnet 92555 501899 0 0 3 0x14200 bored systqmp 90511 522668 0 0 3 0x14200 bored systq 89630 75042 0 0 2 0x40014200 softclock 84606 396326 0 0 3 0x40014200 idle0 50860 213696 0 0 2 0x14200 smr 1 466210 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No 
such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9633 6523K 15534K 78643K 73569 0 0 pcb 13 13K 15K 78643K 10297 0 0 rtable 151 14K 15K 78643K 13362 0 0 ifaddr 130 36K 39K 78643K 2982 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 1485 0 0 iov 0 0K 40K 78643K 4953 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 77K 78643K 22907 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 2512 0 0 VM map 148 37K 37K 78643K 227 0 0 sem 12 0K 1K 78643K 8604 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 22503 0 0 sigio 0 0K 0K 78643K 5070 0 0 proc 50 38K 63K 78643K 7295 0 0 subproc 32 2K 2K 78643K 2150 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 2019 0 0 in_multi 37 2K 2K 78643K 2175 0 0 ether_multi 1 0K 0K 78643K 185 0 0 mrt 3 0K 0K 78643K 140 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 132 583K 583K 78643K 132 0 0 exec 0 0K 1K 78643K 4272 0 0 pfkey data 0 0K 4K 78643K 10 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 340 1269K 1269K 78643K 56769 0 0 UVM aobj 130 4K 4K 78643K 132 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 5251 0 0 NDP 26 0K 1K 78643K 985 0 0 temp 269 3545K 4189K 78643K 874867 0 0 kqueue 0 0K 0K 78643K 2435 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 661 0 653 1 0 1 1 0 8 0 rtpcb 80 1889 0 1887 1 0 1 1 0 8 0 rtentry 112 2667 0 2612 2 0 2 2 0 8 0 unpcb 120 35528 0 35483 23 21 2 2 0 8 0 syncache 264 112 0 112 45 44 1 1 0 8 1 sackhl 24 6 0 6 5 5 0 1 0 8 0 tcpqe 32 123 0 123 20 20 0 1 0 8 0 tcpcb 544 21332 0 21328 180 179 1 15 0 8 0 ipq 40 177 0 177 69 69 0 1 0 8 0 ipqe 40 3075 0 3075 69 69 0 1 0 8 0 
inpcb 280 63074 0 63063 204 202 2 14 0 8 1 rttmr 72 53 0 52 13 12 1 1 0 8 0 ip6q 72 8 0 8 7 7 0 1 0 8 0 ip6af 40 17 0 17 6 6 0 1 0 8 0 nd6 48 271 0 267 21 20 1 1 0 8 0 pkpcb 40 115 0 115 37 37 0 1 0 8 0 swfcl 56 5 0 0 1 0 1 1 0 8 0 ppxss 1128 328 0 328 82 82 0 1 0 8 0 art_heap8 4096 101 0 100 44 43 1 4 0 8 0 art_heap4 256 9189 0 8875 106 86 20 22 0 8 0 art_table 32 9290 0 8975 5 2 3 3 0 8 0 art_node 16 2653 0 2606 1 0 1 1 0 8 0 sysvmsgpl 40 133 0 113 1 0 1 1 0 8 0 semupl 112 7 0 7 1 1 0 1 0 8 0 semapl 112 8602 0 8592 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 35055 0 33593 48 0 48 48 0 8 0 ffsino 240 35055 0 33593 87 0 87 87 0 8 0 nchpl 144 73035 0 72483 63 42 21 60 0 8 0 uvmvnodes 72 9868 0 0 180 0 180 180 0 8 0 vnodes 208 9868 0 0 520 0 520 520 0 8 0 namei 1024 268079 0 268079 7 6 1 1 0 8 1 vcpupl 1984 150 0 4 19 0 19 19 0 8 0 vmpool 520 225 0 79 18 8 10 10 0 8 0 scsiplug 64 21 0 21 13 13 0 1 0 8 0 scxspl 192 250581 0 250581 162 159 3 7 0 8 3 plimitpl 152 1575 0 1568 1 0 1 1 0 8 0 sigapl 432 22303 0 22290 2 0 2 2 0 8 0 futexpl 56 877763 0 877762 8 7 1 1 0 8 0 knotepl 112 10061 0 10042 2 1 1 2 0 8 0 kqueuepl 104 13987 0 13985 34 33 1 4 0 8 0 pipepl 112 24240 0 24221 48 46 2 3 0 8 1 fdescpl 424 22304 0 22290 2 0 2 2 0 8 0 filepl 120 275384 0 275284 185 180 5 12 0 8 1 lockfpl 104 8597 0 8596 1 0 1 1 0 8 0 lockfspl 48 2833 0 2832 1 0 1 1 0 8 0 sessionpl 112 142 0 132 1 0 1 1 0 8 0 pgrppl 48 403 0 393 1 0 1 1 0 8 0 ucredpl 96 42212 0 42204 1 0 1 1 0 8 0 zombiepl 144 22301 0 22301 1 0 1 1 0 8 1 processpl 864 22331 0 22301 4 0 4 4 0 8 0 procpl 632 49251 0 49212 6 2 4 5 0 8 0 sosppl 128 310 0 310 76 76 0 1 0 8 0 sockpl 384 105974 0 105916 327 319 8 26 0 8 2 mcl64k 65536 6235 0 6235 542 541 1 64 0 8 1 mcl16k 16384 226 0 226 90 90 0 1 0 8 0 mcl12k 12288 2738 0 2738 43 42 1 1 0 8 1 mcl9k 9216 355 0 355 88 87 1 1 0 8 1 mcl8k 8192 1175 0 1175 39 38 1 1 0 8 1 mcl4k 4096 3030 0 3030 13 12 1 1 0 8 1 mcl2k2 2112 156 0 156 65 64 1 1 
0 8 1 mcl2k 2048 118347 0 118300 48 41 7 14 0 8 0 mtagpl 80 819 0 815 31 30 1 1 0 8 0 mbufpl 256 451627 0 451481 695 681 14 42 0 8 1 bufpl 256 100082 0 90213 619 1 618 618 0 8 0 anonpl 16 3851233 0 3830784 657 563 94 101 0 62 5 amapchunkpl 152 119385 0 119190 380 369 11 27 0 158 3 amappl16 192 203003 0 201776 842 772 70 74 0 8 8 amappl15 184 3744 0 3744 18 18 0 1 0 8 0 amappl14 176 4577 0 4571 1 0 1 1 0 8 0 amappl13 168 2924 0 2924 17 17 0 1 0 8 0 amappl12 160 3689 0 3687 1 0 1 1 0 8 0 amappl11 152 1505 0 1494 1 0 1 1 0 8 0 amappl10 144 3010 0 3008 2 1 1 1 0 8 0 amappl9 136 4800 0 4791 1 0 1 1 0 8 0 amappl8 128 4110 0 4041 5 2 3 3 0 8 0 amappl7 120 3468 0 3461 1 0 1 1 0 8 0 amappl6 112 1195 0 1183 1 0 1 1 0 8 0 amappl5 104 4856 0 4847 1 0 1 1 0 8 0 amappl4 96 21585 0 21552 1 0 1 1 0 8 0 amappl3 88 8355 0 8341 1 0 1 1 0 8 0 amappl2 80 171816 0 171731 3 1 2 3 0 8 0 amappl1 72 420934 0 420516 25 16 9 20 0 8 0 amappl 80 51802 0 51673 3 0 3 3 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 131 0 2 3 0 3 3 0 8 0 uaddrrnd 24 22529 0 22290 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 22529 0 22290 2 0 2 2 0 8 0 vmmpekpl 168 145528 0 145476 3 0 3 3 0 8 0 vmmpepl 168 2766501 0 2763796 1311 1150 161 165 0 357 32 vmsppl 272 22303 0 22290 7 6 1 2 0 8 0 pdppl 4096 45064 0 44884 28 5 23 23 0 8 0 pvpl 32 9102216 0 9080960 1323 1117 206 295 0 265 20 pmappl 200 22528 0 22369 12 3 9 9 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 2510 0 1731 29 5 24 24 0 8 0