panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *228116 13339 0 0x8000000 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292e793) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e3278,ffffffff82890acc,436,ffffffff82854d29) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000376e4eb8,0,ffff8000376e4e30,0) at rtrequest+0xb49 sys/net/route.c:1078 rtm_output(ffff800000db5400,ffff8000376e4f60,ffff8000376e4eb8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959 route_output(fffffd8068e9ac00,fffffd806c346030) at route_output+0x6bb sys/net/rtsock.c:864 route_send(fffffd806c346030,fffffd8068e9ac00,0,0) at route_send+0x8f sys/net/rtsock.c:340 sosend(fffffd806c346030,0,ffff8000376e5118,0,0,0) at sosend+0x663 sendit(ffff80002a62b728,d,ffff8000376e5210,0,ffff8000376e52c0) at sendit+0x54c sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a62b728,ffff8000376e5370,ffff8000376e52c0) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff8000376e5370) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6bc628e0b00, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1078 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292e793) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e3278,ffffffff82890acc,436,ffffffff82854d29) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000376e4eb8,0,ffff8000376e4e30,0) at rtrequest+0xb49 sys/net/route.c:1078 rtm_output(ffff800000db5400,ffff8000376e4f60,ffff8000376e4eb8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959 route_output(fffffd8068e9ac00,fffffd806c346030) at route_output+0x6bb sys/net/rtsock.c:864 route_send(fffffd806c346030,fffffd8068e9ac00,0,0) at route_send+0x8f sys/net/rtsock.c:340 sosend(fffffd806c346030,0,ffff8000376e5118,0,0,0) at sosend+0x663 sendit(ffff80002a62b728,d,ffff8000376e5210,0,ffff8000376e52c0) at sendit+0x54c sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a62b728,ffff8000376e5370,ffff8000376e52c0) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff8000376e5370) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6bc628e0b00, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000376e4c40 rbx 0xffff800000e7d490 rdx 0 rcx 0 rax 0xffff80002a62b728 r8 0x101010101010101 r9 0x8080808080808080 r10 0xdec552a4b683f2c0 r11 0xe4e49e9c273299dd r12 0 r13 0x10000 __ALIGN_SIZE+0xf000 r14 0 r15 0x1 rip 0xffffffff8122593c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000376e4c30 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) tid=228116 pid=13339 tcnt=4 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a62bc48,0xffff80002a62a7d8 process=0xffff800037805d68 user=0xffff8000376e0000, vmspace=0xfffffd8064b37c38 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 5872 162276 34972 0 2 0x8000000 syz-executor.5 5872 348947 34972 0 2 0xc000000 syz-executor.5 13339 428644 3422 0 2 0x8000000 syz-executor.0 13339 105427 3422 0 3 0xc000080 ttyout syz-executor.0 *13339 228116 3422 0 7 0xc000000 syz-executor.0 13339 284782 3422 0 3 0xc000080 fsleep syz-executor.0 28569 398232 61336 0 2 0x8000002 syz-executor.4 5730 182479 61336 0 2 0x8000002 syz-executor.2 42661 465806 61336 0 3 0x8000082 nanoslp syz-executor.6 34972 28257 61336 0 2 0x8000482 syz-executor.5 80541 6906 61336 0 2 0x8000002 syz-executor.3 16408 235186 61336 0 2 0x8000002 syz-executor.7 3422 239353 61336 0 3 0x8000082 nanoslp syz-executor.0 9123 482914 0 0 3 0x14280 nfsidl nfsio 75775 507488 0 0 3 0x14280 nfsidl nfsio 26176 260099 0 0 3 0x14280 nfsidl nfsio 67552 301554 0 0 3 0x14280 nfsidl nfsio 54165 478196 0 0 3 0x14280 nfsidl nfsio 99312 192884 0 0 3 0x14280 nfsidl nfsio 66511 368595 0 0 3 0x14280 nfsidl nfsio 97481 453230 0 0 3 0x14280 nfsidl nfsio 90033 262953 0 0 3 0x14280 nfsidl nfsio 11870 381025 0 0 3 0x14280 nfsidl nfsio 76598 30300 0 0 3 0x14280 nfsidl nfsio 57605 276360 0 0 3 0x14280 nfsidl nfsio 91654 130317 0 0 3 0x14280 nfsidl nfsio 55276 178844 0 0 3 0x14280 nfsidl nfsio 89350 496312 0 0 3 0x14280 nfsidl nfsio 19189 435452 0 0 3 0x14280 nfsidl nfsio 16164 521832 0 0 3 0x14280 nfsidl nfsio 26373 466972 0 0 3 0x14280 nfsidl nfsio 41760 405268 0 0 3 0x14280 nfsidl nfsio 24009 338196 0 0 3 0x14280 nfsidl nfsio 14501 475012 0 0 3 0x14200 bored sosplice 61336 279725 80987 0 3 0x1a000082 thrsleep syz-fuzzer 61336 268684 80987 0 3 0x1e000082 nanoslp syz-fuzzer 61336 349371 80987 0 3 0x1e000082 wait syz-fuzzer 61336 484203 80987 0 3 0x1e000082 thrsleep syz-fuzzer 61336 367780 80987 0 3 0x1e000082 wait syz-fuzzer 61336 62066 80987 0 3 0x1e000082 thrsleep syz-fuzzer 61336 292001 80987 0 3 0x1e000082 wait syz-fuzzer 61336 427844 80987 0 3 0x1e000082 wait syz-fuzzer 61336 122548 80987 0 3 0x1e000082 kqread syz-fuzzer 61336 389870 80987 0 3 0x1e000082 wait syz-fuzzer 61336 56384 80987 0 3 0x1e000082 thrsleep syz-fuzzer 61336 31988 80987 0 3 0x1e000082 wait syz-fuzzer 61336 519716 80987 0 3 0x1e000082 thrsleep syz-fuzzer 61336 428655 80987 0 3 0x1e000082 wait syz-fuzzer 61336 12218 80987 0 3 0x1e000082 wait syz-fuzzer 80987 164347 18016 0 3 0x810008a sigsusp ksh 18016 420011 43685 0 3 0x1800009a kqread sshd 63531 360236 1 0 3 0x18100083 ttyin getty 43685 209864 1 0 3 0x18000088 kqread sshd 7125 2284 20170 73 3 0x19100090 kqread syslogd 20170 79111 1 0 3 0x18100082 sbwait syslogd 48558 344630 1 0 3 0x18100080 kqread resolvd 90730 326107 4297 77 3 0x18100092 kqread dhcpleased 23736 56044 4297 77 3 0x18100092 kqread dhcpleased 4297 244762 1 0 3 0x18000080 kqread dhcpleased 77948 343999 0 0 3 0x14200 bored smr 79870 222675 0 0 2 0x14200 zerothread 1270 237157 0 0 3 0x14200 aiodoned aiodoned 57968 150257 0 0 3 0x14200 syncer update 82659 20682 0 0 3 0x14200 cleaner cleaner 52958 372925 0 0 3 0x14200 reaper reaper 34147 360451 0 0 3 0x14200 pgdaemon pagedaemon 72402 429172 0 0 3 0x14200 bored viomb 82767 188124 0 0 3 0x40014200 acpi0 acpi0 88002 281684 0 0 3 0x14200 bored softnet3 5111 425915 0 0 3 0x14200 bored softnet2 25227 457315 0 0 3 0x14200 bored softnet1 56197 109186 0 0 3 0x14200 bored softnet0 61911 329507 0 0 3 0x14200 bored systqmp 55633 320165 0 0 3 0x14200 bored systq 80015 485776 0 0 2 0x40014200 softclock 63015 230643 0 0 3 0x40014200 idle0 1 33043 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10189 6562K 7135K 166960K 17711 0 pcb 15 10K 10K 166960K 349 0 rtable 211 7K 8K 166960K 1901 0 pf 33 9K 10K 166960K 271 0 ifaddr 39 11K 13K 166960K 296 0 ifgroup 58 2K 2K 166960K 412 0 sysctl 4 1K 2K 166960K 8 0 counters 31 17K 18K 166960K 146 0 ioctlops 0 0K 2K 166960K 236 0 iov 0 0K 20K 166960K 240 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1425 90K 90K 166960K 4539 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 61 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 320 0 dirhash 12 2K 2K 166960K 51 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 69K 166960K 4020 0 sigio 0 0K 0K 166960K 79 0 proc 58 59K 75K 166960K 1965 0 subproc 104 6K 6K 166960K 647 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 581 0 in_multi 77 5K 7K 166960K 625 0 ether_multi 1 0K 0K 166960K 15 0 mrt 2 0K 0K 166960K 11 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 1273 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 347 244K 246K 166960K 35279 0 UVM aobj 88 7K 7K 166960K 96 0 pinsyscall 33 66K 100K 166960K 6216 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 224 0 NDP 12 0K 2K 166960K 225 0 temp 74 6804K 6884K 166960K 65866 0 kqueue 12 18K 28K 166960K 486 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 336 0 330 1 0 1 1 0 8 0 rtentry 112 627 0 532 4 0 4 4 0 8 0 unpcb 144 2963 0 2950 9 1 8 8 0 8 7 syncache 336 27 0 27 1 1 0 1 0 8 0 tcpqe 32 253 0 253 1 1 0 1 0 8 0 tcpcb 808 1150 0 1140 9 1 8 8 0 8 7 arp 88 118 0 103 1 0 1 1 0 8 0 ipq 40 13 0 12 1 0 1 1 0 8 0 ipqe 40 147 0 146 1 0 1 1 0 8 0 inpcb 360 3405 0 3390 9 1 8 8 0 8 6 nd6 104 157 0 137 1 0 1 1 0 8 0 pkpcb 40 45 0 45 2 1 1 1 0 8 1 kcovpl 48 49 0 41 1 0 1 1 0 8 0 ppxss 1072 59 0 59 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2464 0 2080 47 19 28 29 0 8 4 art_table 32 2465 0 2080 4 0 4 4 0 8 0 art_node 16 610 0 527 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 18 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 315 0 305 1 0 1 1 0 8 0 shmpl 112 93 0 8 3 0 3 3 0 8 0 dirhash 1024 43 0 26 3 0 3 3 0 8 0 dino2pl 256 7512 0 6007 96 1 95 96 0 8 0 ffsino 240 7512 0 6007 90 0 90 90 0 8 0 nchpl 144 12907 0 11175 66 0 66 66 0 8 0 uvmvnodes 80 7064 0 0 145 0 145 145 0 8 0 vnodes 216 7064 0 0 393 0 393 393 0 8 0 namei 1024 45475 0 45475 4 3 1 3 0 8 1 vcpupl 2048 18 0 0 3 0 3 3 0 8 0 vmpool 664 37 0 19 2 0 2 2 0 8 0 kstatmem 264 254 0 230 3 0 3 3 0 8 1 scsiplug 72 34 0 34 2 1 1 1 0 8 1 scxspl 216 60569 0 60569 10 7 3 8 1 8 3 plimitpl 152 469 0 454 1 0 1 1 0 8 0 sigapl 424 4260 0 4199 8 0 8 8 0 8 0 futexpl 64 56875 0 56874 1 0 1 1 0 8 0 knotepl 120 39951 0 39871 17 6 11 11 0 8 8 kqueuepl 184 1091 0 1083 7 0 7 7 0 8 6 pipepl 288 617 0 590 6 1 5 5 0 8 2 fdescpl 432 4198 0 4174 4 0 4 4 0 8 0 filepl 120 25055 0 24804 17 3 14 15 0 8 4 lockfpl 104 1225 0 1223 1 0 1 1 0 8 0 lockfspl 48 408 0 406 1 0 1 1 0 8 0 sessionpl 144 64 0 48 1 0 1 1 0 8 0 pgrppl 48 110 0 94 1 0 1 1 0 8 0 ucredpl 104 3932 0 3921 1 0 1 1 0 8 0 zombiepl 144 4201 0 4199 2 1 1 1 0 8 0 processpl 1072 4260 0 4199 5 0 5 5 0 8 0 procpl 656 8485 0 8406 9 1 8 9 0 8 0 sosppl 168 94 0 94 2 1 1 1 0 8 1 sockpl 472 6784 0 6750 40 27 13 30 0 8 7 mcl64k 65536 102 0 102 2 1 1 1 0 8 1 mcl16k 16384 75 0 75 2 1 1 1 0 8 1 mcl12k 12288 146 0 146 2 1 1 1 0 8 1 mcl9k 9216 24 0 24 2 1 1 1 0 8 1 mcl8k 8192 210 0 210 2 1 1 1 0 8 1 mcl4k 4096 715 0 715 3 2 1 2 0 8 1 mcl2k2 2112 36 0 36 2 1 1 1 0 8 1 mcl2k 2048 47378 0 47320 57 42 15 49 0 8 6 mtagpl 96 334 0 317 3 0 3 3 0 8 1 mbufpl 256 152297 0 152151 188 163 25 62 0 8 8 bufpl 280 13180 0 6115 505 0 505 505 0 8 0 anonpl 24 544801 0 538823 106 39 67 90 0 188 12 amapchunkpl 152 112432 0 111843 52 15 37 43 0 158 9 amappl16 200 11479 0 11350 43 26 17 20 0 8 8 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 272 0 259 2 1 1 2 0 8 0 amappl13 176 29 0 29 1 1 0 1 0 8 0 amappl12 168 5441 0 5415 2 0 2 2 0 8 0 amappl11 160 61 0 51 1 0 1 1 0 8 0 amappl10 152 101 0 90 1 0 1 1 0 8 0 amappl9 144 197 0 196 1 0 1 1 0 8 0 amappl8 136 476 0 377 4 0 4 4 0 8 0 amappl7 128 118 0 103 1 0 1 1 0 8 0 amappl6 120 895 0 878 2 1 1 2 0 8 0 amappl5 112 382 0 369 1 0 1 1 0 8 0 amappl4 104 816 0 785 2 1 1 2 0 8 0 amappl3 96 22136 0 22065 3 0 3 3 0 8 0 amappl2 88 4880 0 4811 3 1 2 3 0 8 0 amappl1 80 26007 0 25523 22 11 11 22 0 8 0 amappl 88 34210 0 34023 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 95 0 8 2 0 2 2 0 8 0 uaddrrnd 24 4235 0 4193 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4235 0 4193 1 0 1 1 0 8 0 vmmpekpl 168 31405 0 31343 4 1 3 4 0 8 0 vmmpepl 168 274445 0 272654 124 23 101 111 0 357 7 vmsppl 344 4234 0 4193 5 0 5 5 0 8 0 rwobjpl 24 74510 0 66224 52 0 52 52 0 8 0 pdppl 4096 8476 0 8404 295 215 80 83 0 8 8 pvpl 32 1545087 0 1533294 406 232 174 350 0 265 50 pmappl 216 4234 0 4193 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 812 0 453 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292e793) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e3278,ffffffff82890acc,436,ffffffff82854d29) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000376e4eb8,0,ffff8000376e4e30,0) at rtrequest+0xb49 sys/net/route.c:1078 rtm_output(ffff800000db5400,ffff8000376e4f60,ffff8000376e4eb8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959 route_output(fffffd8068e9ac00,fffffd806c346030) at route_output+0x6bb sys/net/rtsock.c:864 route_send(fffffd806c346030,fffffd8068e9ac00,0,0) at route_send+0x8f sys/net/rtsock.c:340 sosend(fffffd806c346030,0,ffff8000376e5118,0,0,0) at sosend+0x663 sendit(ffff80002a62b728,d,ffff8000376e5210,0,ffff8000376e52c0) at sendit+0x54c sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a62b728,ffff8000376e5370,ffff8000376e52c0) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff8000376e5370) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6bc628e0b00, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292e793) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e3278,ffffffff82890acc,436,ffffffff82854d29) at __assert+0x29 sys/kern/subr_prf.c:157 rtrequest(1,ffff8000376e4eb8,0,ffff8000376e4e30,0) at rtrequest+0xb49 sys/net/route.c:1078 rtm_output(ffff800000db5400,ffff8000376e4f60,ffff8000376e4eb8,0,0) at rtm_output+0x614 sys/net/rtsock.c:959 route_output(fffffd8068e9ac00,fffffd806c346030) at route_output+0x6bb sys/net/rtsock.c:864 route_send(fffffd806c346030,fffffd8068e9ac00,0,0) at route_send+0x8f sys/net/rtsock.c:340 sosend(fffffd806c346030,0,ffff8000376e5118,0,0,0) at sosend+0x663 sendit(ffff80002a62b728,d,ffff8000376e5210,0,ffff8000376e52c0) at sendit+0x54c sys/kern/uipc_syscalls.c:786 sys_sendto(ffff80002a62b728,ffff8000376e5370,ffff8000376e52c0) at sys_sendto+0x84 sys/kern/uipc_syscalls.c:564 syscall(ffff8000376e5370) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6bc628e0b00, count: -12