panic: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 996
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*420893 33223 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83422425) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833cbcaf,ffffffff8336f85b,3e4,ffffffff8334a35d) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline]
rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 sys/net/route.c:990
rtm_output(ffff800001491700,ffff80003c98b050,ffff80003c98afa8,38,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd807eb9a000,ffff8000014f1d30) at route_output+0x9ac sys/net/rtsock.c:878
route_send(ffff8000014f1d30,fffffd807eb9a000,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(ffff8000014f1d30,0,ffff80003c98b1f8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1
sendit(ffff800033d107d0,5,ffff80003c98b2f0,0,ffff80003c98b3a0) at sendit+0x721 sys/kern/uipc_syscalls.c:779
sys_sendto(ffff800033d107d0,ffff80003c98b450,ffff80003c98b3a0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557
syscall(ffff80003c98b450) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c98b450) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9a0666b7cf0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 996 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83422425) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833cbcaf,ffffffff8336f85b,3e4,ffffffff8334a35d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff800001491700,ffff80003c98b050,ffff80003c98afa8,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd807eb9a000,ffff8000014f1d30) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014f1d30,fffffd807eb9a000,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014f1d30,0,ffff80003c98b1f8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff800033d107d0,5,ffff80003c98b2f0,0,ffff80003c98b3a0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800033d107d0,ffff80003c98b450,ffff80003c98b3a0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c98b450) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98b450) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a0666b7cf0, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c98ad30 rbx 0x3 rdx 0xffff80000143e5c0 rcx 0 rax 0xffff800033d107d0 r8 0 r9 0x8080808080808080 r10 0xcad11d3fb691d394 r11 0xf6ed960070fac78d r12 0 r13 0xffff800000b50e00 r14 0 r15 0x1 rip 0xffffffff82eab1f5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c98ad20 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=420893 pid=33223 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, 
nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800033d10020,0xffffffff8397c868 process=0xffff8000ffff95d0 user=0xffff80003c986000, vmspace=0xfffffd806c0b3e20 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33223 474004 6160 0 2 0 syz-executor *33223 420893 6160 0 7 0x4000000 syz-executor 6274 450138 6737 0 3 0x90 fsleep syz-executor 6274 479609 6737 0 3 0x4000090 kqsel syz-executor 8583 342201 81445 0 3 0x80 fsleep syz-executor 8583 84149 81445 0 3 0x4000080 kqread syz-executor 20604 106291 47220 0 3 0x80 fsleep syz-executor 20604 253196 47220 0 3 0x4000080 netcon syz-executor 37902 473628 93054 0 3 0x80 fsleep syz-executor 37902 199314 93054 0 3 0x4000080 fifor syz-executor 37902 87240 93054 0 3 0x4000080 fifor syz-executor 75227 208695 5201 0 3 0x80 fsleep syz-executor 75227 65524 5201 0 3 0x4000080 bell syz-executor 73239 10443 60278 60929 3 0x90 fsleep syz-executor 73239 187488 60278 60929 3 0x4000090 ttyin syz-executor 81445 104439 17549 0 2 0x482 syz-executor 29466 443164 0 0 3 0x14280 nfsidl nfsio 7969 430188 0 0 3 0x14280 nfsidl nfsio 92732 233950 0 0 3 0x14280 nfsidl nfsio 81716 129088 0 0 3 0x14280 nfsidl nfsio 74598 286656 0 0 3 0x14280 nfsidl nfsio 42474 488259 0 0 3 0x14280 nfsidl nfsio 37271 483817 0 0 3 0x14280 nfsidl nfsio 39517 472729 0 0 3 0x14280 nfsidl nfsio 35920 60667 0 0 3 0x14280 nfsidl nfsio 49661 251164 0 0 3 0x14280 nfsidl nfsio 48726 457307 0 0 3 0x14280 nfsidl nfsio 51151 94875 0 0 3 0x14280 nfsidl nfsio 27652 70937 0 0 3 0x14280 nfsidl nfsio 22895 47268 0 0 3 0x14280 nfsidl nfsio 34010 322731 0 0 3 0x14280 nfsidl nfsio 91945 125600 0 0 3 0x14280 nfsidl nfsio 14440 278600 0 0 3 0x14280 nfsidl nfsio 3781 112162 0 0 3 0x14280 nfsidl nfsio 67670 373658 0 0 3 0x14280 nfsidl nfsio 3512 351010 0 0 3 0x14280 nfsidl nfsio 69210 92966 0 0 3 0x14200 bored sosplice 47220 490888 17549 0 3 0x82 nanoslp syz-executor 93054 141094 17549 0 3 0x82 nanoslp 
syz-executor 60278 204666 17549 0 3 0x82 nanoslp syz-executor 5201 235140 17549 0 3 0x82 nanoslp syz-executor 6737 77884 17549 0 3 0x82 nanoslp syz-executor 6160 305524 17549 0 2 0x482 syz-executor 55952 139243 17549 0 3 0x82 wait syz-executor 17549 25710 33968 0 3 0x82 kqread syz-executor 33968 368693 82851 0 3 0x10008a sigsusp ksh 82851 364037 14202 0 3 0x98 kqread sshd-session 14202 430935 19080 0 3 0x92 kqread sshd-session 11205 279793 1 0 3 0x100083 ttyin getty 19080 491637 1 0 3 0x88 kqread sshd 10166 479027 49038 73 3 0x1100090 kqread syslogd 49038 331695 1 0 3 0x100082 sbwait syslogd 4413 373344 1 0 3 0x100080 kqread resolvd 69989 163238 35483 77 3 0x100092 kqread dhcpleased 75014 99709 35483 77 3 0x100092 kqread dhcpleased 35483 412326 1 0 3 0x80 kqread dhcpleased 45847 320385 0 0 3 0x14200 bored smr 1997 353580 0 0 2 0x14200 zerothread 73609 184710 0 0 3 0x14200 aiodoned aiodoned 64440 183651 0 0 3 0x14200 syncer update 12179 329244 0 0 3 0x14200 cleaner cleaner 9507 440755 0 0 3 0x14200 reaper reaper 4500 371338 0 0 3 0x14200 pgdaemon pagedaemon 76809 197382 0 0 3 0x14200 bored viomb 21357 513682 0 0 3 0x40014200 acpi0 acpi0 53838 29010 0 0 3 0x14200 bored softnet3 84665 476590 0 0 3 0x14200 bored softnet2 24647 337219 0 0 3 0x14200 bored softnet1 24708 384156 0 0 3 0x14200 bored softnet0 81686 500634 0 0 3 0x14200 bored systqmp 71325 381182 0 0 3 0x14200 bored systq 63251 68816 0 0 2 0x40014200 softclock 99443 341856 0 0 3 0x40014200 idle0 1 138782 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 11130K 11544K 166960K 14291 0 pcb 19 16K 18K 166960K 518 0 rtable 201 11K 11K 166960K 549 0 pf 34 13K 16K 166960K 207 0 ifaddr 35 5K 7K 166960K 100 0 ifgroup 55 2K 2K 166960K 170 0 sysctl 4 1K 1K 166960K 8 0 counters 31 17K 18K 166960K 103 0 ioctlops 0 0K 4K 166960K 278 0 iov 0 0K 17K 166960K 106 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 
166960K 4 0 vnodes 1488 93K 94K 166960K 3144 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 33 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 55 0 dirhash 12 2K 2K 166960K 54 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 236K 166960K 1781 0 sigio 0 0K 0K 166960K 30 0 proc 61 59K 83K 166960K 668 0 subproc 72 4K 4K 166960K 83 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 447 0 in_multi 69 5K 7K 166960K 157 0 ether_multi 1 0K 0K 166960K 12 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 634 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 229 152K 170K 166960K 17521 0 UVM aobj 57 8K 10K 166960K 64 0 pinsyscall 39 78K 92K 166960K 2824 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 1K 166960K 105 0 NDP 12 0K 1K 166960K 73 0 temp 77 8684K 8812K 166960K 69378 0 kqueue 14 22K 30K 166960K 310 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 163 0 157 1 0 1 1 0 8 0 rtentry 136 161 0 80 4 0 4 4 0 8 0 unpcb 144 1538 0 1521 13 5 8 8 0 8 7 syncache 336 6 0 6 3 2 1 1 0 8 1 tcpqe 32 3 0 3 2 1 1 1 0 8 1 tcpcb 808 572 0 563 15 7 8 8 0 8 7 arp 88 26 0 11 1 0 1 1 0 8 0 ipq 40 6 0 5 1 0 1 1 0 8 0 ipqe 40 7 0 6 1 0 1 1 0 8 0 inpcb 344 2452 0 2437 26 18 8 11 0 8 4 nd6 104 37 0 15 1 0 1 1 0 8 0 pkpcb 40 14 0 14 2 1 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1072 64 0 63 2 1 1 1 0 8 0 pppxif 1384 3 0 3 1 1 0 1 0 8 0 pfrktable 1344 1 0 1 1 0 1 1 0 8 1 pfqueue 320 1 0 1 1 0 1 1 0 8 1 pfrule 1344 10 0 9 3 2 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 673 0 323 29 3 26 29 0 8 2 art_table 32 677 0 323 4 0 4 4 0 8 0 art_node 16 159 0 88 1 0 1 1 
0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 52 0 42 1 0 1 1 0 8 0 shmpl 112 61 0 7 2 0 2 2 0 8 0 dirhash 1024 47 0 30 3 0 3 3 0 8 0 dino2pl 256 4854 0 3362 95 0 95 95 0 8 0 ffsino 248 4854 0 3362 95 0 95 95 0 8 0 nchpl 144 7378 0 5691 63 0 63 63 0 8 0 rtmask 32 19 0 19 2 1 1 1 0 8 1 uvmvnodes 80 5940 0 0 122 0 122 122 0 8 0 vnodes 216 5940 0 0 330 0 330 330 0 8 0 namei 1024 25376 0 25376 5 4 1 2 0 8 1 kstatmem 264 108 0 84 2 0 2 2 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 8 0 8 2 1 1 1 0 8 1 scxspl 216 22459 0 22459 12 8 4 8 1 8 4 plimitpl 152 557 0 541 1 0 1 1 0 8 0 sigapl 424 2068 0 2001 8 0 8 8 0 8 0 futexpl 64 25590 0 25584 1 0 1 1 0 8 0 knotepl 120 69009 0 68959 23 13 10 17 0 8 7 kqueuepl 184 641 0 629 4 3 1 4 0 8 0 pipepl 296 439 0 412 13 5 8 8 0 8 5 fdescpl 440 2028 0 1998 5 1 4 5 0 8 0 filepl 120 14628 0 14402 22 9 13 13 0 8 5 lockfpl 104 631 0 628 2 1 1 2 0 8 0 lockfspl 48 210 0 207 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 66 0 50 1 0 1 1 0 8 0 ucredpl 104 2579 0 2566 1 0 1 1 0 8 0 zombiepl 144 2688 0 2687 1 0 1 1 0 8 0 processpl 1112 2068 0 2001 5 0 5 5 0 8 0 procpl 656 4740 0 4665 9 2 7 8 0 8 0 sosppl 168 8 0 8 2 1 1 1 0 8 1 sockpl 528 4201 0 4163 30 18 12 16 0 8 8 mcl64k 65536 30 0 30 3 2 1 1 0 8 1 mcl16k 16384 5 0 5 2 2 0 1 0 8 0 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 6 0 6 2 1 1 1 0 8 1 mcl8k 8192 19 0 19 3 2 1 1 0 8 1 mcl4k 4096 4675 0 4618 14 6 8 13 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 1665 0 1653 5 2 3 3 0 8 1 mtagpl 96 82 0 28 2 0 2 2 0 8 0 mbufpl 256 21696 0 21525 32 16 16 31 0 8 1 bufpl 280 6513 0 286 445 0 445 445 0 8 0 anonpl 24 265984 0 262628 72 27 45 46 0 187 17 amapchunkpl 152 78916 0 78426 52 18 34 34 0 158 12 amappl16 200 4124 0 4083 33 22 11 15 0 8 8 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 113 0 103 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 2647 0 2616 2 0 2 2 0 8 0 amappl11 160 42 0 32 1 0 1 1 0 8 0 amappl10 152 10 0 10 2 2 0 1 0 8 
0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 27 0 25 1 0 1 1 0 8 0 amappl7 128 98 0 87 1 0 1 1 0 8 0 amappl6 120 177 0 174 1 0 1 1 0 8 0 amappl5 112 121 0 113 1 0 1 1 0 8 0 amappl4 104 298 0 281 1 0 1 1 0 8 0 amappl3 96 12118 0 12006 4 0 4 4 0 8 0 amappl2 88 639 0 582 2 0 2 2 0 8 0 amappl1 80 14754 0 14202 14 1 13 13 0 8 0 amappl 88 16493 0 16329 5 1 4 5 0 92 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 2 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 63 0 7 2 0 2 2 0 8 0 uaddrrnd 24 2028 0 1998 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2028 0 1998 1 0 1 1 0 8 0 vmmpekpl 168 17717 0 17682 3 0 3 3 0 8 0 vmmpepl 168 127956 0 126037 105 11 94 95 0 357 7 vmsppl 360 2027 0 1998 4 1 3 4 0 8 0 rwobjpl 32 37098 0 30241 56 0 56 56 0 8 0 pdppl 4096 4062 0 3996 118 52 66 78 0 8 0 pvpl 32 816292 0 807017 158 47 111 116 0 265 24 pmappl 216 2027 0 1998 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 336 0 102 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83422425) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833cbcaf,ffffffff8336f85b,3e4,ffffffff8334a35d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff800001491700,ffff80003c98b050,ffff80003c98afa8,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd807eb9a000,ffff8000014f1d30) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014f1d30,fffffd807eb9a000,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014f1d30,0,ffff80003c98b1f8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 
sendit(ffff800033d107d0,5,ffff80003c98b2f0,0,ffff80003c98b3a0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800033d107d0,ffff80003c98b450,ffff80003c98b3a0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c98b450) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98b450) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a0666b7cf0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83422425) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833cbcaf,ffffffff8336f85b,3e4,ffffffff8334a35d) at __assert+0x29 sys/kern/subr_prf.c:-1 rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 rtlabel_id2sa sys/net/route.c:1812 [inline] rtrequest(1,ffff80003c98afa8,38,ffff80003c98af20,0) at rtrequest+0xf10 sys/net/route.c:990 rtm_output(ffff800001491700,ffff80003c98b050,ffff80003c98afa8,38,0) at rtm_output+0x855 sys/net/rtsock.c:973 route_output(fffffd807eb9a000,ffff8000014f1d30) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014f1d30,fffffd807eb9a000,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014f1d30,0,ffff80003c98b1f8,0,0,0) at sosend+0x824 sys/kern/uipc_socket.c:-1 sendit(ffff800033d107d0,5,ffff80003c98b2f0,0,ffff80003c98b3a0) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800033d107d0,ffff80003c98b450,ffff80003c98b3a0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80003c98b450) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c98b450) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a0666b7cf0, count: -12