panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *157778 19178 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821dece5,ffffffff821b27fd,3b7,ffffffff821c2e6e) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff80001511fc58,0,ffff80001511fbc8,0) at rtrequest+0xbf1 sys/net/route.c:951 rtm_output(ffff800000ac7800,ffff80001511fd00,ffff80001511fc58,0,0) at rtm_output+0x62f sys/net/rtsock.c:901 route_output(fffffd8035454000,fffffd802daeddc0,0,0) at route_output+0x7d9 sys/net/rtsock.c:819 route_usrreq(fffffd802daeddc0,9,fffffd8035454000,0,0,ffff8000ffff2508) at route_usrreq+0x363 sys/net/rtsock.c:275 sosend(fffffd802daeddc0,0,ffff80001511ff00,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524 sendit(ffff8000ffff2508,3,ffff80001511ffe0,0,ffff8000151200c0) at sendit+0x52b sys/kern/uipc_syscalls.c:662 sys_sendto(ffff8000ffff2508,ffff800015120078,ffff8000151200c0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527 syscall(ffff800015120140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffd8,0,6,de683e5010) at Xsyscall+0x128 end of kernel end trace frame: 0xe11755d700, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 951 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821dece5,ffffffff821b27fd,3b7,ffffffff821c2e6e) at __assert+0x2b sys/kern/subr_prf.c:154 rtrequest(1,ffff80001511fc58,0,ffff80001511fbc8,0) at rtrequest+0xbf1 sys/net/route.c:951 rtm_output(ffff800000ac7800,ffff80001511fd00,ffff80001511fc58,0,0) at rtm_output+0x62f sys/net/rtsock.c:901 route_output(fffffd8035454000,fffffd802daeddc0,0,0) at route_output+0x7d9 sys/net/rtsock.c:819 route_usrreq(fffffd802daeddc0,9,fffffd8035454000,0,0,ffff8000ffff2508) at route_usrreq+0x363 sys/net/rtsock.c:275 sosend(fffffd802daeddc0,0,ffff80001511ff00,0,0,80) at sosend+0x63d sys/kern/uipc_socket.c:524 sendit(ffff8000ffff2508,3,ffff80001511ffe0,0,ffff8000151200c0) at sendit+0x52b sys/kern/uipc_syscalls.c:662 sys_sendto(ffff8000ffff2508,ffff800015120078,ffff8000151200c0) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527 syscall(ffff800015120140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffffd8,0,6,de683e5010) at Xsyscall+0x128 end of kernel end trace frame: 0xe11755d700, count: -12 ddb> show registers rdi 0xffffffff81fe2d67 db_enter+0x17 rsi 0x3f90 __ALIGN_SIZE+0x2f90 rbp 0xffff80001511f9d0 rbx 0xffff80001511fa80 rdx 0x3f91 __ALIGN_SIZE+0x2f91 rcx 0xffff80001613c000 rax 0xffff80001613c000 r8 0xffff80001511f990 r9 0x1 r10 0xffff800000a5eb40 r11 0xe181682377b14c62 r12 0x3000000008 r13 0xffff80001511f9e0 r14 0x100 r15 0x1 rip 0xffffffff81fe2d68 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001511f9c0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=157778 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff825a0228 process=0xffff800014894378 user=0xffff80001511b000, vmspace=0xfffffd803f013550 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19178 474212 53803 0 2 0 syz-executor.1 *19178 157778 53803 0 7 0x4000000 syz-executor.1 53803 154782 52495 0 2 0x482 syz-executor.1 18906 43489 52495 0 2 0x2 syz-executor.0 73611 389573 1 0 3 0x100083 ttyin getty 70139 286601 0 0 3 0x14200 acct acct 92620 342767 0 0 3 0x14200 bored sosplice 52495 318599 64325 0 3 0x82 thrsleep syz-fuzzer 52495 103942 64325 0 2 0x4000482 syz-fuzzer 52495 176616 64325 0 3 0x4000082 thrsleep syz-fuzzer 52495 154338 64325 0 3 0x4000082 thrsleep syz-fuzzer 52495 326405 64325 0 3 0x4000082 thrsleep syz-fuzzer 52495 173378 64325 0 3 0x4000082 kqread syz-fuzzer 52495 402110 64325 0 3 0x4000082 thrsleep syz-fuzzer 64325 105422 72398 0 3 0x10008a pause ksh 72398 481132 12006 0 3 0x92 select sshd 12006 507200 1 0 3 0x80 select sshd 59783 233812 24341 73 3 0x100090 kqread syslogd 24341 376183 1 0 3 0x100082 netio syslogd 74487 355954 1 77 3 0x100090 poll dhclient 6989 260055 1 0 3 0x80 poll dhclient 6913 201084 0 0 2 0x14200 zerothread 63546 28037 0 0 3 0x14200 aiodoned aiodoned 89362 90857 0 0 3 0x14200 syncer update 57029 450635 0 0 3 0x14200 cleaner cleaner 47931 257049 0 0 3 0x14200 reaper reaper 64384 78952 0 0 3 0x14200 pgdaemon pagedaemon 11514 93315 0 0 3 0x14200 bored crynlk 34978 121095 0 0 3 0x14200 bored crypto 93244 212958 0 0 3 0x40014200 acpi0 acpi0 90930 475067 0 0 3 0x14200 bored softnet 8391 212501 0 0 3 0x14200 bored systqmp 33324 437518 0 0 3 0x14200 bored systq 5422 188290 0 0 3 0x40014200 bored softclock 31840 287088 0 0 3 0x40014200 idle0 60503 387535 0 0 3 0x14200 bored smr 1 28043 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9574 7035K 7183K 78643K 13367 0 0 pcb 13 10K 12K 78643K 826 0 0 rtable 146 14K 14K 78643K 1896 0 0 ifaddr 80 19K 21K 78643K 581 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 2006 0 0 iov 0 0K 24K 78643K 704 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1224 77K 78K 78643K 3654 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 94 0 0 VM map 2 0K 0K 78643K 14 0 0 sem 12 0K 0K 78643K 892 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 5834 0 0 sigio 0 0K 0K 78643K 90 0 0 proc 50 38K 63K 78643K 1429 0 0 subproc 32 2K 2K 78643K 289 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 629 0 0 in_multi 35 2K 2K 78643K 446 0 0 ether_multi 1 0K 0K 78643K 45 0 0 mrt 0 0K 0K 78643K 34 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 198 874K 874K 78643K 198 0 0 exec 0 0K 1K 78643K 963 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 107 22K 32K 78643K 14672 0 0 UVM aobj 130 6K 6K 78643K 144 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 871 0 0 NDP 17 0K 0K 78643K 175 0 0 temp 205 3536K 4176K 78643K 78520 0 0 kqueue 0 0K 0K 78643K 52 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 55 0 45 1 0 1 1 0 8 0 rtpcb 80 348 0 345 1 0 1 1 0 8 0 rtentry 112 276 0 220 2 0 2 2 0 8 0 unpcb 120 5738 0 5721 18 16 2 2 0 8 1 syncache 264 11 0 11 6 6 0 1 0 8 0 tcpqe 32 6331 0 6331 1 1 0 1 0 8 0 tcpcb 544 2713 0 2709 74 65 9 15 0 8 8 ipq 40 5 0 5 3 3 0 1 0 8 0 ipqe 40 10 0 10 3 3 0 1 0 8 0 inpcb 280 5680 0 5671 59 50 9 9 0 8 8 rttmr 72 9 0 9 7 6 1 1 0 8 1 ip6q 72 3 0 2 3 2 1 1 0 8 0 nd6 48 34 0 30 1 0 1 1 0 8 0 pkpcb 40 28 0 28 12 11 1 1 0 8 1 ppxss 1128 74 0 74 20 19 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1033 0 787 31 15 16 16 0 8 0 art_table 32 1034 0 787 2 0 2 2 0 8 0 art_node 16 259 0 213 1 0 1 1 0 8 0 sysvmsgpl 40 112 0 91 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 890 0 880 1 0 1 1 0 8 0 shmpl 112 142 0 14 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 10552 0 9157 46 0 46 46 0 8 0 ffsino 240 10552 0 9157 83 0 83 83 0 8 0 nchpl 144 21112 0 19468 62 0 62 62 0 8 0 uvmvnodes 72 6536 0 0 119 0 119 119 0 8 0 vnodes 208 6536 0 0 344 0 344 344 0 8 0 namei 1024 74713 0 74712 4 3 1 1 0 8 0 vmpool 520 12 0 12 5 5 0 1 0 8 0 scsiplug 64 11 0 11 8 8 0 1 0 8 0 scxspl 192 55774 0 55774 20 19 1 7 0 8 1 plimitpl 152 521 0 514 1 0 1 1 0 8 0 sigapl 432 5962 0 5949 2 0 2 2 0 8 0 futexpl 56 157602 0 157602 2 1 1 1 0 8 1 knotepl 112 1339 0 1320 4 3 1 2 0 8 0 kqueuepl 104 2288 0 2286 16 12 4 4 0 8 3 pipepl 112 3274 0 3253 12 10 2 2 0 8 1 fdescpl 424 5963 0 5949 2 0 2 2 0 8 0 filepl 120 56382 0 56283 59 48 11 11 0 8 8 lockfpl 104 1893 0 1892 1 0 1 1 0 8 0 lockfspl 48 592 0 591 1 0 1 1 0 8 0 sessionpl 112 34 0 24 1 0 1 1 0 8 0 pgrppl 48 78 0 68 1 0 1 1 0 8 0 ucredpl 96 7332 0 7324 1 0 1 1 0 8 0 zombiepl 144 5949 0 5949 3 2 1 1 0 8 1 processpl 864 5979 0 5949 4 0 4 4 0 8 0 procpl 632 13148 0 13111 4 0 4 4 0 8 0 sosppl 128 93 0 93 18 17 1 1 0 8 1 sockpl 384 11887 0 11860 89 77 12 15 0 8 8 mcl64k 65536 443 0 443 51 50 1 33 0 8 1 mcl16k 16384 48 0 48 20 19 1 1 0 8 1 mcl12k 12288 116 0 116 20 19 1 1 0 8 1 mcl9k 9216 52 0 52 17 17 0 1 0 8 0 mcl8k 8192 247 0 247 8 7 1 1 0 8 1 mcl4k 4096 555 0 555 3 2 1 1 0 8 1 mcl2k2 2112 34 0 34 18 17 1 1 0 8 1 mcl2k 2048 63109 0 63068 22 15 7 14 0 8 1 mtagpl 80 22 0 22 2 2 0 1 0 8 0 mbufpl 256 138098 0 137999 35 26 9 24 0 8 0 bufpl 256 20653 0 14055 413 0 413 413 0 8 0 anonpl 16 556488 0 541327 205 138 67 80 0 62 0 amapchunkpl 152 27415 0 27309 98 91 7 18 0 158 2 amappl16 192 30545 0 29662 195 149 46 57 0 8 1 amappl15 184 1453 0 1453 3 3 0 1 0 8 0 amappl14 176 1430 0 1429 2 1 1 1 0 8 0 amappl13 168 24 0 24 3 3 0 1 0 8 0 amappl12 160 606 0 600 1 0 1 1 0 8 0 amappl11 152 233 0 219 1 0 1 1 0 8 0 amappl10 144 1172 0 1170 3 2 1 1 0 8 0 amappl9 136 1747 0 1741 1 0 1 1 0 8 0 amappl8 128 1336 0 1300 3 1 2 2 0 8 0 amappl7 120 1258 0 1252 1 0 1 1 0 8 0 amappl6 112 215 0 199 1 0 1 1 0 8 0 amappl5 104 873 0 862 1 0 1 1 0 8 0 amappl4 96 5769 0 5742 1 0 1 1 0 8 0 amappl3 88 2061 0 2055 1 0 1 1 0 8 0 amappl2 80 47436 0 47370 4 2 2 3 0 8 0 amappl1 72 111858 0 111447 28 19 9 20 0 8 0 amappl 80 13642 0 13606 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 143 0 14 3 0 3 3 0 8 0 uaddrrnd 24 5975 0 5949 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5975 0 5949 1 0 1 1 0 8 0 vmmpekpl 168 37077 0 37052 2 0 2 2 0 8 0 vmmpepl 168 695817 0 693873 398 280 118 122 0 357 28 vmsppl 272 5962 0 5949 3 2 1 2 0 8 0 pdppl 4096 11956 0 11922 6 1 5 6 0 8 0 pvpl 32 1574938 0 1556641 462 288 174 277 0 265 19 pmappl 200 5974 0 5961 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 759 0 207 17 0 17 17 0 8 0