panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 1078 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *313094 52097 0 0x2 0 0K ifconfig db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ea7c1) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8309c8d7,ffffffff8300fc57,436,ffffffff83007242) at __assert+0x29 rtrequest(1,ffff8000371aeaf8,4,ffff8000371aeba0,0) at rtrequest+0xdce sys/net/route.c:1078 rt_ifa_add(ffff8000015bd300,840100,ffff8000015bd358,0) at rt_ifa_add+0x22e sys/net/route.c:1273 in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000371aee00,ffff8000015be000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002d97cf70,ffff8000371aefe0,ffff8000371aef30) at sys_ioctl+0x67c syscall(ffff8000371aefe0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371aefe0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e0303f4cd70, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 1078 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ea7c1) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8309c8d7,ffffffff8300fc57,436,ffffffff83007242) at __assert+0x29 rtrequest(1,ffff8000371aeaf8,4,ffff8000371aeba0,0) at rtrequest+0xdce sys/net/route.c:1078 rt_ifa_add(ffff8000015bd300,840100,ffff8000015bd358,0) at rt_ifa_add+0x22e sys/net/route.c:1273 in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000371aee00,ffff8000015be000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002d97cf70,ffff8000371aefe0,ffff8000371aef30) at sys_ioctl+0x67c syscall(ffff8000371aefe0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371aefe0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e0303f4cd70, count: -11 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000371ae8f0 rbx 0xffffffff834e4dcf cpu_info_full_primary+0x2dcf rdx 0 rcx 0xffff80002d97cf70 rax 0xffffffff834e3ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x79bd1ac8a464546 r11 0x1660c471f0c126d4 r12 0xffffffff834e4bd0 cpu_info_full_primary+0x2bd0 r13 0 r14 0 r15 0x1 rip 0xffffffff82532665 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000371ae8e0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (ifconfig) tid=313094 pid=52097 tcnt=1 stat=onproc flags process=2 proc=0 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002d97ca60,0xffffffff8355e400 process=0xffff80002d7731f8 user=0xffff8000371aa000, vmspace=0xfffffd806c21e8b0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *52097 313094 25427 0 7 0x2 ifconfig 25427 6218 38970 0 3 0x10008a sigsusp sh 50938 202530 97345 0 3 0x2 clonelk ifconfig 97345 44856 57152 0 3 0x10008a sigsusp sh 57152 143603 93471 0 3 0x82 wait syz-executor 38970 329608 93471 0 3 0x82 wait syz-executor 22303 472399 93471 0 3 0x82 piperd syz-executor 3225 432450 93471 0 3 0x82 piperd syz-executor 65842 289209 93471 0 3 0x82 piperd syz-executor 97064 417486 93471 0 3 0x82 piperd syz-executor 71593 429792 93471 0 3 0x82 piperd syz-executor 65056 122541 0 0 3 0x14280 nfsidl nfsio 93116 77683 0 0 3 0x14280 nfsidl nfsio 95946 15714 0 0 3 0x14280 nfsidl nfsio 80806 117971 0 0 3 0x14280 nfsidl nfsio 68800 267635 0 0 3 0x14280 nfsidl nfsio 6777 309975 0 0 3 0x14280 nfsidl nfsio 66032 129310 0 0 3 0x14280 nfsidl nfsio 29228 474322 0 0 3 0x14280 nfsidl nfsio 86771 525 0 0 3 0x14280 nfsidl nfsio 38965 197225 0 0 3 0x14280 nfsidl nfsio 4638 29741 0 0 3 0x14280 nfsidl nfsio 85332 138375 0 0 3 0x14280 nfsidl nfsio 13766 168614 0 0 3 0x14280 nfsidl nfsio 28511 48343 0 0 3 0x14280 nfsidl nfsio 18915 416790 0 0 3 0x14280 nfsidl nfsio 51227 348095 0 0 3 0x14280 nfsidl nfsio 22522 243317 0 0 3 0x14280 nfsidl nfsio 68780 271192 0 0 3 0x14280 nfsidl nfsio 77354 478012 0 0 3 0x14280 nfsidl nfsio 33565 205935 0 0 3 0x14280 nfsidl nfsio 4283 304853 0 0 3 0x14200 bored sosplice 93471 409765 74041 0 3 0x82 wait syz-executor 74041 419310 71886 0 3 0x10008a sigsusp ksh 71886 55478 96577 0 3 0x98 kqread sshd-session 96577 70730 26071 0 3 0x92 kqread sshd-session 59777 439184 1 0 3 0x100083 ttyin getty 26071 349163 1 0 3 0x88 kqread sshd 25580 342746 65786 74 3 0x1100092 bpf pflogd 65786 207077 1 0 3 0x80 sbwait pflogd 91652 493229 19330 73 2 0x1100010 syslogd 19330 515896 1 0 3 0x100082 sbwait syslogd 69189 508089 1 0 3 0x100080 kqread resolvd 47732 399710 4346 77 3 0x100092 kqread dhcpleased 73693 248201 4346 77 3 0x100092 kqread dhcpleased 4346 9329 1 0 3 0x80 kqread dhcpleased 67393 162409 0 0 3 0x14200 bored smr 40284 386384 0 0 2 0x14200 zerothread 93999 84076 0 0 3 0x14200 aiodoned aiodoned 74572 75366 0 0 3 0x14200 syncer update 55057 7432 0 0 3 0x14200 cleaner cleaner 7069 94291 0 0 3 0x14200 reaper reaper 34297 450742 0 0 3 0x14200 pgdaemon pagedaemon 28622 523355 0 0 3 0x14200 bored viomb 78607 196948 0 0 3 0x40014200 acpi0 acpi0 69635 45498 0 0 7 0x40014200 idle1 49402 249687 0 0 3 0x14200 bored softnet3 13633 447290 0 0 3 0x14200 bored softnet2 36115 63908 0 0 3 0x14200 bored softnet1 70888 291040 0 0 3 0x14200 bored softnet0 97504 378254 0 0 3 0x14200 bored systqmp 70444 45494 0 0 3 0x14200 bored systq 15147 107202 0 0 3 0x14200 tmoslp softclockmp 80680 27872 0 0 2 0x40014200 softclock 20866 375530 0 0 3 0x40014200 idle0 1 280873 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 52097 (ifconfig) thread 0xffff80002d97cf70 (313094) Process 91652 (syslogd) thread 0xffff8000ffffdbe8 (493229) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10229 14223K 14808K 166960K 16358 0 pcb 17 20K 22K 166960K 1064 0 rtable 163 6K 8K 166960K 4792 0 pf 33 17K 25K 166960K 415 0 ifaddr 33 7K 9K 166960K 646 0 ifgroup 51 2K 2K 166960K 721 0 sysctl 4 1K 1K 166960K 14 0 counters 62 36K 37K 166960K 416 0 ioctlops 0 0K 4K 166960K 1909 0 iov 0 0K 16K 166960K 355 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1430 90K 90K 166960K 6101 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 28K 32K 166960K 65 0 VM map 2 1K 1K 166960K 2 0 sem 21 28K 28K 166960K 284 0 dirhash 15 2K 3K 166960K 93 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 14 49K 89K 166960K 5315 0 sigio 0 0K 0K 166960K 186 0 proc 87 116K 140K 166960K 4581 0 subproc 104 6K 7K 166960K 1862 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 613 0 in_multi 62 4K 7K 166960K 1703 0 ether_multi 1 0K 0K 166960K 40 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 3153 0 pfkey data 0 0K 1K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 186 71K 92K 166960K 42766 0 UVM aobj 45 2K 4K 166960K 48 0 pinsyscall 39 78K 102K 166960K 9863 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 191 0 NDP 15 0K 1K 166960K 473 0 temp 82 6824K 7084K 166960K 260148 0 kqueue 13 20K 32K 166960K 620 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 835 0 832 10 9 1 3 0 8 0 rtentry 112 1664 0 1595 4 0 4 4 0 8 0 unpcb 144 3040 0 3023 39 38 1 6 0 8 0 syncache 336 12 0 12 7 7 0 1 0 8 0 tcpqe 32 7 0 7 3 3 0 1 0 8 0 tcpcb 808 1616 0 1612 53 51 2 14 0 8 1 arp 120 293 0 280 1 0 1 1 0 8 0 inpcb 336 6369 0 6354 91 83 8 16 0 8 5 nd6 136 445 0 431 1 0 1 1 0 8 0 pkpcb 40 47 0 47 9 9 0 1 0 8 0 kcovpl 48 143 0 135 1 0 1 1 0 8 0 ppxss 1168 29 0 29 12 12 0 1 0 8 0 pffrag 232 134 0 131 1 0 1 1 0 482 0 pffrnode 88 130 0 127 1 0 1 1 0 8 0 pffrent 40 423 0 420 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 472 0 408 1 0 1 1 0 8 0 pfstkey 128 472 0 408 5 1 4 4 0 8 0 pfstate 376 472 0 408 12 3 9 10 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 art_heap8 4096 4 0 2 4 2 2 3 0 8 0 art_heap4 256 6732 0 6419 48 21 27 30 0 8 1 art_table 32 6736 0 6421 5 1 4 4 0 8 0 art_node 16 1648 0 1588 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 38 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 277 0 258 1 0 1 1 0 8 0 shmpl 112 45 0 3 2 0 2 2 0 8 0 dirhash 1024 72 0 52 3 0 3 3 0 8 0 dino2pl 256 8269 0 6509 111 0 111 111 0 8 0 ffsino 272 8269 0 6509 118 0 118 118 0 8 0 nchpl 144 13418 0 12643 68 38 30 64 0 8 0 uvmvnodes 80 9834 0 0 201 0 201 201 0 8 0 vnodes 216 9834 0 0 547 0 547 547 0 8 0 namei 1024 63202 0 63202 18 17 1 2 0 8 1 percpumem 16 222 0 177 1 0 1 1 0 8 0 kstatmem 264 376 0 354 4 2 2 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 6 0 6 6 6 0 1 0 8 0 scxspl 216 111988 0 111988 19 17 2 8 1 8 2 plimitpl 152 1227 0 1210 1 0 1 1 0 8 0 sigapl 424 5376 0 5309 11 2 9 9 0 8 0 futexpl 64 53517 0 53517 16 15 1 1 0 8 1 knotepl 120 1110 0 0 25 1 24 25 0 8 0 kqueuepl 216 1379 0 1370 21 20 1 5 0 8 0 pipepl 320 1372 0 1345 30 26 4 8 0 8 1 fdescpl 496 5333 0 5305 14 9 5 5 0 8 1 filepl 152 36935 0 36696 102 90 12 23 0 8 1 lockfpl 104 1698 0 1696 3 2 1 2 0 8 0 lockfspl 48 572 0 570 1 0 1 1 0 8 0 sessionpl 144 164 0 155 1 0 1 1 0 8 0 pgrppl 48 422 0 405 1 0 1 1 0 8 0 ucredpl 104 6537 0 6524 1 0 1 1 0 8 0 zombiepl 144 5310 0 5309 3 2 1 1 0 8 0 processpl 1160 5376 0 5309 7 1 6 6 0 8 0 procpl 648 10452 0 10385 12 4 8 8 0 8 1 srpgc 96 39 0 39 12 12 0 1 0 8 0 sosppl 168 22 0 22 9 8 1 1 0 8 1 sockpl 664 10812 0 10778 147 137 10 23 0 8 5 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 313 0 0 31 3 28 31 0 8 0 mtagpl 96 181 0 0 2 0 2 2 0 8 0 mbufpl 256 2553 0 0 146 0 146 146 0 8 0 bufpl 280 24691 0 14834 705 0 705 705 0 8 0 anonpl 24 737975 0 730280 165 69 96 99 0 185 3 amapchunkpl 152 136951 0 136562 97 62 35 36 0 158 12 amappl16 200 15179 0 14958 114 88 26 26 0 8 1 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 403 0 391 1 0 1 1 0 8 0 amappl13 176 11 0 11 1 1 0 1 0 8 0 amappl12 168 8094 0 8066 3 1 2 2 0 8 0 amappl11 160 58 0 44 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 142 0 142 1 1 0 1 0 8 0 amappl8 136 26 0 22 1 0 1 1 0 8 0 amappl7 128 377 0 364 1 0 1 1 0 8 0 amappl6 120 1490 0 1484 1 0 1 1 0 8 0 amappl5 112 684 0 670 1 0 1 1 0 8 0 amappl4 104 736 0 714 1 0 1 1 0 8 0 amappl3 96 27631 0 27559 6 2 4 4 0 8 1 amappl2 88 2622 0 2549 2 0 2 2 0 8 0 amappl1 80 32886 0 32325 16 3 13 14 0 8 0 amappl 88 41037 0 40912 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 4 0 4 3 3 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 47 0 3 1 0 1 1 0 8 0 uaddrrnd 24 5333 0 5305 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5333 0 5305 1 0 1 1 0 8 0 vmmpekpl 168 44069 0 44011 4 0 4 4 0 8 0 vmmpepl 168 338000 0 336234 190 88 102 105 0 357 5 vmsppl 440 5332 0 5305 6 2 4 5 0 8 0 rwobjpl 56 97220 0 86232 171 11 160 160 0 8 1 pdppl 4096 10673 0 10610 275 204 71 83 0 8 8 pvpl 32 35683 0 0 285 0 285 285 0 265 0 pmappl 248 5332 0 5305 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 930 0 408 16 0 16 16 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830ea7c1) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8309c8d7,ffffffff8300fc57,436,ffffffff83007242) at __assert+0x29 rtrequest(1,ffff8000371aeaf8,4,ffff8000371aeba0,0) at rtrequest+0xdce sys/net/route.c:1078 rt_ifa_add(ffff8000015bd300,840100,ffff8000015bd358,0) at rt_ifa_add+0x22e sys/net/route.c:1273 in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd in_insert_prefix sys/netinet/in.c:770 [inline] in_ifinit(ffff8000015be000,ffff8000015bd300,ffff8000371aee10,1) at in_ifinit+0x4bd sys/netinet/in.c:703 in_ioctl_change_ifaddr(8040691a,ffff8000371aee00,ffff8000015be000) at in_ioctl_change_ifaddr+0x92c sys/netinet/in.c:504 ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 pru_control sys/sys/protosw.h:355 [inline] ifioctl(ffff800010fdaa70,8040691a,ffff8000371aee00,ffff80002d97cf70) at ifioctl+0x1571 sys/net/if.c:2449 sys_ioctl(ffff80002d97cf70,ffff8000371aefe0,ffff8000371aef30) at sys_ioctl+0x67c syscall(ffff8000371aefe0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371aefe0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e0303f4cd70, count: -11 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -5