panic: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 994 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *307753 26648 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8340cc5c) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b7ae1,ffffffff83358a55,3e2,ffffffff83332ecb) at __assert+0x29 rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 rtlabel_id2sa sys/net/route.c:1808 [inline] rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 sys/net/route.c:988 rtm_output(ffff8000014b5900,ffff80002a8b9a30,ffff80002a8b9988,38,0) at rtm_output+0x856 sys/net/rtsock.c:973 route_output(fffffd806218fb00,ffff8000014d9948) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014d9948,fffffd806218fb00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014d9948,0,ffff80002a8b9bd8,0,0,0) at sosend+0x824 sendit(ffff800038943740,6,ffff80002a8b9cd0,0,ffff80002a8b9d80) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038943740,ffff80002a8b9e30,ffff80002a8b9d80) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80002a8b9e30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbce8270ecd0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "info->rti_ifa->ifa_ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 994 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8340cc5c) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b7ae1,ffffffff83358a55,3e2,ffffffff83332ecb) at __assert+0x29 rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 rtlabel_id2sa sys/net/route.c:1808 [inline] rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 sys/net/route.c:988 rtm_output(ffff8000014b5900,ffff80002a8b9a30,ffff80002a8b9988,38,0) at rtm_output+0x856 sys/net/rtsock.c:973 route_output(fffffd806218fb00,ffff8000014d9948) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014d9948,fffffd806218fb00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014d9948,0,ffff80002a8b9bd8,0,0,0) at sosend+0x824 sendit(ffff800038943740,6,ffff80002a8b9cd0,0,ffff80002a8b9d80) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038943740,ffff80002a8b9e30,ffff80002a8b9d80) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80002a8b9e30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbce8270ecd0, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a8b9710 rbx 0x3 rdx 0xffff800001432740 rcx 0 rax 0xffff800038943740 r8 0 r9 0x8080808080808080 r10 0x2360fafafdc06a2 r11 0xbbce18d6fc5db6f r12 0 r13 0xffff800000b50500 r14 0 r15 0x1 rip 0xffffffff81029295 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a8b9700 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=307753 pid=26648 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000389427e0,0xffffffff838e70b8 process=0xffff8000ffff0478 user=0xffff80002a8b4000, vmspace=0xfffffd806c0ce9e8 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69197 509225 3165 0 2 0x480 syz-executor 69197 30011 3165 0 3 0x4000080 fsleep syz-executor 51108 108306 28411 0 2 0 syz-executor 51108 453167 28411 0 3 0x4000080 fsleep syz-executor 51108 67319 28411 0 3 0x4000080 fsleep syz-executor 51108 218632 28411 0 3 0x4000080 fsleep syz-executor 26648 213013 99219 0 2 0 syz-executor *26648 307753 99219 0 7 0x4000000 syz-executor 27418 265685 2962 0 2 0x10 syz-executor 27418 15468 2962 0 3 0x4000090 fsleep syz-executor 27418 236687 2962 0 3 0x4000090 fsleep syz-executor 5674 432613 17483 0 2 0x480 syz-executor 5674 57207 17483 0 3 0x4000080 kqread syz-executor 5674 384056 17483 0 3 0x4000080 fsleep syz-executor 12678 419478 68909 0 2 0x2 syz-executor 41764 221759 68909 0 2 0x482 syz-executor 28411 4731 68909 0 2 0x482 syz-executor 3546 499271 0 0 3 0x14280 nfsidl nfsio 34335 487416 0 0 3 0x14280 nfsidl nfsio 63022 57076 0 0 3 0x14280 nfsidl nfsio 60803 62182 0 0 3 0x14280 nfsidl nfsio 99004 355099 0 0 3 0x14280 nfsidl nfsio 10355 476478 0 0 3 0x14280 nfsidl nfsio 65992 441055 0 0 3 0x14280 nfsidl nfsio 45931 301652 0 0 3 0x14280 nfsidl nfsio 87960 290914 0 0 3 0x14280 nfsidl nfsio 79982 284468 0 0 3 0x14280 nfsidl nfsio 62040 218070 0 0 3 0x14280 nfsidl nfsio 18290 71215 0 0 3 0x14280 nfsidl nfsio 76628 499657 0 0 3 0x14280 nfsidl nfsio 28195 509012 0 0 3 0x14280 nfsidl nfsio 58593 438458 0 0 3 0x14280 nfsidl nfsio 65973 261284 0 0 3 0x14280 nfsidl nfsio 58212 4044 0 0 3 0x14280 nfsidl nfsio 6550 447761 0 0 3 0x14280 nfsidl nfsio 64385 177153 0 0 3 0x14280 nfsidl nfsio 64911 258829 0 0 3 0x14280 nfsidl nfsio 31566 287314 0 0 3 0x14200 bored sosplice 3165 278566 68909 0 2 0x482 syz-executor 2962 421914 68909 0 2 0x482 syz-executor 17483 170677 68909 0 2 0x482 syz-executor 85354 243685 68909 0 2 0x2 syz-executor 99219 115360 68909 0 2 0x482 syz-executor 68909 360001 50763 0 3 0x82 kqread syz-executor 50763 224405 7190 0 3 0x10008a sigsusp ksh 7190 79205 11639 0 3 0x98 kqread sshd-session 11639 39370 1 0 3 0x92 kqread sshd-session 16823 109183 1 0 3 0x100083 ttyin getty 57401 463645 31219 73 3 0x1100090 kqread syslogd 31219 70695 1 0 3 0x100082 sbwait syslogd 75310 132435 1 0 3 0x100080 kqread resolvd 50450 261252 34788 77 3 0x100092 kqread dhcpleased 76546 41713 34788 77 3 0x100092 kqread dhcpleased 34788 278177 1 0 3 0x80 kqread dhcpleased 83178 74323 0 0 3 0x14200 bored smr 6682 215256 0 0 2 0x14200 zerothread 95361 312449 0 0 3 0x14200 aiodoned aiodoned 38213 184883 0 0 3 0x14200 syncer update 29780 331018 0 0 3 0x14200 cleaner cleaner 17610 28395 0 0 3 0x14200 reaper reaper 2270 265235 0 0 3 0x14200 pgdaemon pagedaemon 7360 523025 0 0 3 0x14200 bored viomb 18032 53261 0 0 3 0x40014200 acpi0 acpi0 30216 268711 0 0 3 0x14200 bored softnet3 48856 120506 0 0 3 0x14200 bored softnet2 893 410019 0 0 3 0x14200 bored softnet1 4201 61982 0 0 3 0x14200 bored softnet0 62733 97654 0 0 3 0x14200 bored systqmp 49838 263156 0 0 3 0x14200 bored systq 49144 286395 0 0 2 0x40014200 softclock 92671 358111 0 0 3 0x40014200 idle0 1 512528 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10221 11138K 11836K 166960K 15064 0 pcb 17 16K 17K 166960K 454 0 rtable 167 12K 14K 166960K 882 0 pf 38 14K 22K 166960K 236 0 ifaddr 30 5K 8K 166960K 158 0 ifgroup 61 2K 3K 166960K 293 0 sysctl 4 1K 2K 166960K 17 0 counters 32 17K 18K 166960K 216 0 ioctlops 0 0K 4K 166960K 476 0 iov 0 0K 16K 166960K 224 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1525 96K 96K 166960K 3564 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 48 0 VM map 2 1K 1K 166960K 2 0 sem 16 21K 21K 166960K 215 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 97K 166960K 2263 0 sigio 0 0K 0K 166960K 48 0 proc 61 59K 124K 166960K 772 0 subproc 72 4K 4K 166960K 108 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 378 0 in_multi 43 3K 7K 166960K 248 0 ether_multi 1 0K 0K 166960K 18 0 mrt 2 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 659 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 207 72K 90K 166960K 21944 0 UVM aobj 112 73K 73K 166960K 122 0 pinsyscall 35 70K 96K 166960K 3409 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 125 0 NDP 13 0K 2K 166960K 111 0 temp 75 8684K 8832K 166960K 102810 0 kqueue 14 22K 30K 166960K 437 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 332 0 327 3 0 3 3 0 8 2 rtentry 128 228 0 169 4 0 4 4 0 8 0 unpcb 144 2485 0 2466 10 4 6 6 0 8 5 syncache 336 5 0 5 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 808 737 0 732 11 7 4 8 0 8 3 arp 88 33 0 22 1 0 1 1 0 8 0 ipq 40 2 0 2 2 1 1 1 0 8 1 ipqe 40 5 0 5 2 1 1 1 0 8 1 inpcb 344 2770 0 2760 18 9 9 10 0 8 7 nd6 104 52 0 44 1 0 1 1 0 8 0 pkpcb 40 85 0 85 2 1 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 0 1 1 0 8 1 ppxss 1072 153 0 153 1 0 1 1 0 8 1 pppxif 1384 82 0 82 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfrktable 1344 4 0 1 1 0 1 1 0 8 0 pfanchor 1288 5 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 3 0 1 1 0 1 1 0 8 0 pfstate 344 2 0 1 1 0 1 1 0 8 0 pfrule 1344 12 0 11 1 0 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 875 0 645 36 8 28 29 0 8 7 art_table 32 879 0 645 4 0 4 4 0 8 0 art_node 16 214 0 161 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 2 1 1 1 0 8 1 semapl 112 209 0 195 1 0 1 1 0 8 0 shmpl 112 119 0 10 4 0 4 4 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 5705 0 4205 95 0 95 95 0 8 0 ffsino 248 5705 0 4205 95 0 95 95 0 8 0 nchpl 144 9104 0 8553 65 42 23 63 0 8 1 rtmask 32 16 0 16 2 1 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 31946 0 31944 3 2 1 2 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 168 0 142 4 1 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 5 0 5 2 1 1 1 0 8 1 scxspl 216 28526 0 28526 11 7 4 8 1 8 4 plimitpl 152 888 0 870 1 0 1 1 0 8 0 sigapl 424 2563 0 2499 8 0 8 8 0 8 0 futexpl 64 35359 0 35352 1 0 1 1 0 8 0 knotepl 120 971405 0 971355 27 16 11 17 0 8 8 kqueuepl 184 956 0 945 6 2 4 4 0 8 3 pipepl 296 357 0 330 8 5 3 8 0 8 0 fdescpl 440 2521 0 2494 5 1 4 5 0 8 0 filepl 120 19155 0 18932 15 3 12 12 0 8 3 lockfpl 104 680 0 676 1 0 1 1 0 8 0 lockfspl 48 269 0 265 1 0 1 1 0 8 0 sessionpl 144 27 0 20 1 0 1 1 0 8 0 pgrppl 48 65 0 50 1 0 1 1 0 8 0 ucredpl 104 3396 0 3383 1 0 1 1 0 8 0 zombiepl 144 2500 0 2499 1 0 1 1 0 8 0 processpl 1112 2563 0 2499 5 0 5 5 0 8 0 procpl 656 5702 0 5629 8 0 8 8 0 8 0 sosppl 168 13 0 12 2 1 1 1 0 8 0 sockpl 528 5706 0 5671 20 10 10 12 0 8 7 mcl64k 65536 95 0 95 2 1 1 1 0 8 1 mcl16k 16384 10 0 10 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 26 0 26 2 1 1 1 0 8 1 mcl4k 4096 5280 0 5228 14 5 9 13 0 8 2 mcl2k 2048 2592 0 2550 11 1 10 10 0 8 3 mtagpl 96 483 0 256 7 1 6 6 0 8 0 mbufpl 256 30141 0 29754 46 8 38 38 0 8 5 bufpl 280 8326 0 2098 446 0 446 446 0 8 1 anonpl 24 369698 0 356749 128 5 123 123 0 187 3 amapchunkpl 152 88346 0 87795 53 18 35 42 0 158 11 amappl16 200 8358 0 7795 56 4 52 52 0 8 7 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 117 0 108 1 0 1 1 0 8 0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 3194 0 3167 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 9 0 9 2 1 1 1 0 8 1 amappl9 144 251 0 250 1 0 1 1 0 8 0 amappl8 136 27 0 25 1 0 1 1 0 8 0 amappl7 128 111 0 101 1 0 1 1 0 8 0 amappl6 120 214 0 209 1 0 1 1 0 8 0 amappl5 112 130 0 123 1 0 1 1 0 8 0 amappl4 104 304 0 291 1 0 1 1 0 8 0 amappl3 96 15119 0 15017 4 0 4 4 0 8 0 amappl2 88 696 0 645 2 0 2 2 0 8 0 amappl1 80 14390 0 13956 12 0 12 12 0 8 0 amappl 88 21414 0 21251 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 121 0 10 3 0 3 3 0 8 0 uaddrrnd 24 2521 0 2494 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2521 0 2494 1 0 1 1 0 8 0 vmmpekpl 168 18701 0 18653 3 0 3 3 0 8 0 vmmpepl 168 157334 0 155221 123 10 113 113 0 357 6 vmsppl 360 2520 0 2494 4 1 3 4 0 8 0 rwobjpl 32 46045 0 38718 63 1 62 62 0 8 2 pdppl 4096 5048 0 4988 134 70 64 82 0 8 4 pvpl 32 1087440 0 1069320 225 19 206 206 0 265 6 pmappl 216 2520 0 2494 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 371 0 109 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8340cc5c) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b7ae1,ffffffff83358a55,3e2,ffffffff83332ecb) at __assert+0x29 rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 rtlabel_id2sa sys/net/route.c:1808 [inline] rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 sys/net/route.c:988 rtm_output(ffff8000014b5900,ffff80002a8b9a30,ffff80002a8b9988,38,0) at rtm_output+0x856 sys/net/rtsock.c:973 route_output(fffffd806218fb00,ffff8000014d9948) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014d9948,fffffd806218fb00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014d9948,0,ffff80002a8b9bd8,0,0,0) at sosend+0x824 sendit(ffff800038943740,6,ffff80002a8b9cd0,0,ffff80002a8b9d80) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038943740,ffff80002a8b9e30,ffff80002a8b9d80) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80002a8b9e30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbce8270ecd0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8340cc5c) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b7ae1,ffffffff83358a55,3e2,ffffffff83332ecb) at __assert+0x29 rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 rtlabel_id2sa sys/net/route.c:1808 [inline] rtrequest(1,ffff80002a8b9988,38,ffff80002a8b9900,0) at rtrequest+0xf00 sys/net/route.c:988 rtm_output(ffff8000014b5900,ffff80002a8b9a30,ffff80002a8b9988,38,0) at rtm_output+0x856 sys/net/rtsock.c:973 route_output(fffffd806218fb00,ffff8000014d9948) at route_output+0x9ac sys/net/rtsock.c:878 route_send(ffff8000014d9948,fffffd806218fb00,0,0) at route_send+0xd7 sys/net/rtsock.c:342 sosend(ffff8000014d9948,0,ffff80002a8b9bd8,0,0,0) at sosend+0x824 sendit(ffff800038943740,6,ffff80002a8b9cd0,0,ffff80002a8b9d80) at sendit+0x721 sys/kern/uipc_syscalls.c:779 sys_sendto(ffff800038943740,ffff80002a8b9e30,ffff80002a8b9d80) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557 syscall(ffff80002a8b9e30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbce8270ecd0, count: -12