panic: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 996 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *359473 47692 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83410aeb) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833bb415,ffffffff8335c3b7,3e4,ffffffff833366e9) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff8000014d6400,ffff80003c987120,ffff80003c987078,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806ec4c800,ffff800010fdd6b8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff800010fdd6b8,fffffd806ec4c800,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fdd6b8,0,ffff80003c9872c8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7d3c48,4,ffff80003c9873c0,0,ffff80003c987470) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7d3c48,ffff80003c987520,ffff80003c987470) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c987520) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c987520) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x725ec771360, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 996 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83410aeb) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833bb415,ffffffff8335c3b7,3e4,ffffffff833366e9) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff8000014d6400,ffff80003c987120,ffff80003c987078,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806ec4c800,ffff800010fdd6b8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff800010fdd6b8,fffffd806ec4c800,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fdd6b8,0,ffff80003c9872c8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7d3c48,4,ffff80003c9873c0,0,ffff80003c987470) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7d3c48,ffff80003c987520,ffff80003c987470) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c987520) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c987520) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x725ec771360, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c986e00 rbx 0x3 rdx 0xffff80000143cb80 rcx 0 rax 0xffff80002a7d3c48 r8 0 r9 0x8080808080808080 r10 0x4d962dac79c6d278 r11 0x45a28975ebb8590 r12 0 r13 0xffff800000b50a00 r14 0 r15 0x1 rip 0xffffffff820b9035 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c986df0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=359473 pid=47692 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7d2018,0xffff80003a553228 process=0xffff8000ffffb430 user=0xffff80003c982000, vmspace=0xfffffd806c07b718 estcpu=34, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 47692 507880 51979 0 2 0 syz-executor *47692 359473 51979 0 7 0x4000000 syz-executor 85882 37329 5837 0 2 0x82000 syz-executor 85882 124301 5837 0 3 0x4002000 suspend syz-executor 81134 228840 69376 0 2 0 syz-executor 81134 32472 69376 0 3 0x4000080 fsleep syz-executor 12179 299670 15678 0 3 0 vmmaplk syz-executor 12179 327333 15678 0 3 0x4000000 physio syz-executor 21953 382141 0 0 3 0x14200 acct acct 94758 404344 49017 0 3 0x82 wait syz-executor 67603 410010 49017 0 2 0x2 syz-executor 15678 295005 49017 0 2 0x482 syz-executor 5837 261905 49017 0 3 0x82 nanoslp syz-executor 51979 170272 49017 0 3 0x82 nanoslp syz-executor 92443 256729 49017 0 3 0x82 wait syz-executor 69376 100210 49017 0 2 0x482 syz-executor 34319 334329 1 0 3 0x100083 ttyin getty 81917 376835 0 0 3 0x14200 bored sosplice 73474 502503 49017 0 2 0x2 syz-executor 49017 412477 41289 0 3 0x82 kqread syz-executor 41289 89799 42154 0 3 0x10008a sigsusp ksh 42154 220580 43164 0 3 0x98 kqread sshd-session 43164 339706 44256 0 3 0x92 kqread sshd-session 44256 387068 1 0 3 0x88 kqread sshd 93312 319052 2046 73 3 0x1100090 kqread syslogd 2046 32912 1 0 3 0x100082 sbwait syslogd 20130 448390 1 0 3 0x100080 kqread resolvd 39465 135922 23969 77 3 0x100092 kqread dhcpleased 89724 411312 23969 77 3 0x100092 kqread dhcpleased 23969 116511 1 0 3 0x80 kqread dhcpleased 46433 232822 0 0 3 0x14200 bored smr 4617 401111 0 0 2 0x14200 zerothread 63580 114935 0 0 3 0x14200 aiodoned aiodoned 23661 70020 0 0 3 0x14200 syncer update 14580 347945 0 0 3 0x14200 cleaner cleaner 1374 393049 0 0 3 0x14200 reaper reaper 36491 87029 0 0 3 0x14200 pgdaemon pagedaemon 2738 125160 0 0 3 0x14200 bored viomb 7398 504682 0 0 3 0x40014200 acpi0 acpi0 40582 32600 0 0 3 0x14200 bored softnet3 80971 189414 0 0 3 0x14200 bored softnet2 49076 397434 0 0 3 0x14200 bored softnet1 34755 331568 0 0 3 0x14200 bored softnet0 71514 444244 0 0 3 0x14200 bored systqmp 82085 421470 0 0 3 0x14200 bored systq 56615 486389 0 0 3 0x40014200 tmoslp softclock 54512 206430 0 0 3 0x40014200 idle0 1 63137 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 11132K 11697K 166960K 14884 0 pcb 17 18K 20K 166960K 334 0 rtable 250 12K 12K 166960K 826 0 pf 39 15K 19K 166960K 230 0 ifaddr 42 8K 8K 166960K 156 0 ifgroup 54 2K 2K 166960K 258 0 sysctl 4 1K 1K 166960K 10 0 counters 31 17K 18K 166960K 120 0 ioctlops 0 0K 4K 166960K 361 0 iov 0 0K 16K 166960K 110 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1490 94K 94K 166960K 3793 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 55 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 185 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 106K 166960K 2145 0 sigio 0 0K 0K 166960K 49 0 proc 60 59K 124K 166960K 922 0 subproc 72 4K 4K 166960K 144 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 353 0 in_multi 85 6K 7K 166960K 279 0 ether_multi 1 0K 0K 166960K 23 0 mrt 2 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 2K 166960K 715 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 69 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 220 151K 168K 166960K 20078 0 UVM aobj 131 8K 8K 166960K 137 0 pinsyscall 37 74K 100K 166960K 3383 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 112 0 NDP 12 0K 2K 166960K 111 0 temp 76 8680K 8767K 166960K 65956 0 kqueue 15 20K 30K 166960K 369 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 283 0 278 3 2 1 3 0 8 0 rtentry 136 267 0 163 4 0 4 4 0 8 0 unpcb 144 2105 0 2089 9 5 4 6 0 8 3 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 808 694 0 690 10 6 4 7 0 8 3 arp 88 60 0 38 1 0 1 1 0 8 0 ipq 40 3 0 1 1 0 1 1 0 8 0 ipqe 40 5 0 2 1 0 1 1 0 8 0 inpcb 344 2424 0 2416 12 8 4 10 0 8 2 nd6 104 56 0 37 1 0 1 1 0 8 0 pkpcb 40 79 0 79 1 1 0 1 0 8 0 kcovpl 48 16 0 8 1 0 1 1 0 8 0 ppxss 1072 61 0 61 2 1 1 1 0 8 1 pppxif 1384 10 0 10 2 1 1 1 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pfrktable 1344 6 0 2 1 0 1 1 0 8 0 pfanchor 1288 5 0 0 1 0 1 1 0 8 0 pftag 88 5 0 0 1 0 1 1 0 8 0 pfqueue 320 1 0 0 1 0 1 1 0 8 0 pfstitem 24 8 0 0 1 0 1 1 0 8 0 pfstkey 128 10 0 4 1 0 1 1 0 8 0 pfstate 344 5 0 1 1 0 1 1 0 8 0 pfrule 1344 17 0 11 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 951 0 542 31 3 28 29 0 8 0 art_table 32 953 0 542 4 0 4 4 0 8 0 art_node 16 264 0 177 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 9 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 179 0 169 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 5325 0 3815 95 0 95 95 0 8 0 ffsino 248 5325 0 3815 95 0 95 95 0 8 0 nchpl 144 8259 0 6564 64 0 64 64 0 8 0 rtmask 32 7 0 7 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 31993 0 31993 2 1 1 2 0 8 1 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 158 0 134 3 1 2 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 9 0 9 2 1 1 1 0 8 1 scxspl 216 28568 0 28567 9 7 2 8 1 8 1 plimitpl 152 683 0 666 1 0 1 1 0 8 0 sigapl 424 2411 0 2365 7 1 6 7 0 8 0 futexpl 64 31999 0 31998 1 0 1 1 0 8 0 knotepl 120 550529 0 550481 24 14 10 17 0 8 4 kqueuepl 184 848 0 838 4 3 1 4 0 8 0 pipepl 296 333 0 306 5 2 3 5 0 8 0 fdescpl 440 2387 0 2359 5 1 4 5 0 8 0 filepl 120 19206 0 18988 15 5 10 14 0 8 1 lockfpl 104 720 0 718 2 1 1 2 0 8 0 lockfspl 48 231 0 229 1 0 1 1 0 8 0 sessionpl 144 31 0 23 1 0 1 1 0 8 0 pgrppl 48 137 0 121 1 0 1 1 0 8 0 ucredpl 104 3832 0 3820 1 0 1 1 0 8 0 zombiepl 144 2367 0 2365 2 1 1 1 0 8 0 processpl 1112 2411 0 2365 4 0 4 4 0 8 0 procpl 656 5217 0 5167 6 0 6 6 0 8 0 sosppl 168 9 0 9 1 1 0 1 0 8 0 sockpl 528 4929 0 4901 26 17 9 15 0 8 7 mcl64k 65536 139 0 139 2 1 1 1 0 8 1 mcl16k 16384 8 0 8 2 1 1 1 0 8 1 mcl12k 12288 4 0 4 1 1 0 1 0 8 0 mcl9k 9216 6 0 6 2 1 1 1 0 8 1 mcl8k 8192 20 0 20 1 1 0 1 0 8 0 mcl4k 4096 5061 0 5010 14 6 8 14 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 2208 0 2194 6 3 3 5 0 8 0 mtagpl 96 234 0 80 5 1 4 4 0 8 0 mbufpl 256 25803 0 25433 34 5 29 29 0 8 5 bufpl 280 7972 0 1743 446 0 446 446 0 8 0 anonpl 24 343628 0 332848 91 1 90 91 0 187 0 amapchunkpl 152 68994 0 68460 46 14 32 39 0 158 5 amappl16 200 6754 0 6347 41 7 34 35 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 128 0 118 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 3124 0 3096 3 1 2 3 0 8 0 amappl11 160 53 0 42 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 317 0 317 1 1 0 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 135 0 124 1 0 1 1 0 8 0 amappl6 120 317 0 314 1 0 1 1 0 8 0 amappl5 112 153 0 146 1 0 1 1 0 8 0 amappl4 104 388 0 368 1 0 1 1 0 8 0 amappl3 96 13886 0 13787 4 0 4 4 0 8 0 amappl2 88 755 0 696 2 0 2 2 0 8 0 amappl1 80 16683 0 16142 14 2 12 14 0 8 0 amappl 88 18870 0 18712 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 289 0 289 2 1 1 1 0 8 1 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 2387 0 2359 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2387 0 2359 1 0 1 1 0 8 0 vmmpekpl 168 17178 0 17126 3 0 3 3 0 8 0 vmmpepl 168 152197 0 150009 116 4 112 116 0 357 0 vmsppl 360 2386 0 2359 4 1 3 4 0 8 0 rwobjpl 32 42839 0 35563 61 1 60 61 0 8 0 pdppl 4096 4780 0 4718 122 56 66 82 0 8 4 pvpl 32 1022118 0 1005948 173 7 166 173 0 265 0 pmappl 216 2386 0 2359 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 328 0 86 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83410aeb) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833bb415,ffffffff8335c3b7,3e4,ffffffff833366e9) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff8000014d6400,ffff80003c987120,ffff80003c987078,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806ec4c800,ffff800010fdd6b8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff800010fdd6b8,fffffd806ec4c800,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fdd6b8,0,ffff80003c9872c8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7d3c48,4,ffff80003c9873c0,0,ffff80003c987470) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7d3c48,ffff80003c987520,ffff80003c987470) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c987520) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c987520) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x725ec771360, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83410aeb) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833bb415,ffffffff8335c3b7,3e4,ffffffff833366e9) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c987078,38,ffff80003c986ff0,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff8000014d6400,ffff80003c987120,ffff80003c987078,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd806ec4c800,ffff800010fdd6b8) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff800010fdd6b8,fffffd806ec4c800,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff800010fdd6b8,0,ffff80003c9872c8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff80002a7d3c48,4,ffff80003c9873c0,0,ffff80003c987470) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff80002a7d3c48,ffff80003c987520,ffff80003c987470) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c987520) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c987520) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x725ec771360, count: -12