assert "cifp != NULL" failed in route.c (5)
3 views
Skip to first unread message
syzbot
Jul 17, 2025, 10:40:34 PM7/17/25
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: aa829d585f3f sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17b217d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=fc1ac0e84ae2b49a13c5
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0398ef4daa5f/disk-aa829d58.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/2765912d6bc9/bsd-aa829d58.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b97fdbf70dce/kernel-aa829d58.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fc1ac0...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089
Starting stack trace...
panic(ffffffff8343665d) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833e119e,ffffffff83380a76,441,ffffffff8333d5e1) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9676a8,8,ffff80003c967778,0) at rtrequest+0xf6d sys/net/route.c:1089
rt_ifa_add(ffff80000149f000,40004,ffff80000149f068,0) at rt_ifa_add+0x38d sys/net/route.c:1284
in_ifinit
(ffff80002a8395e8,ffff80000149f000,ffff80003c967898,1) at in_ifinit+0x542 sys/netinet/in.c:-1
pppx_add_session(ffff80000142cf00,ffff800001638800) at pppx_add_session+0x474 sys/net/if_pppx.c:717
VOP_IOCTL(fffffd806f3b4298,82907003,ffff800001638800,1,fffffd8007bfb618,ffff80003c9374b8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806bee0718,82907003,ffff800001638800,ffff80003c9374b8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80003c9374b8,ffff80003c967cb0,ffff80003c967c00) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1
syscall(ffff80003c967cb0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c967cb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd388269040, count: 246
End of stack trace.
syncing disks...set $lines = 0
set $maxwidth = 0
show panic
trace
show registers
show proc
ps
show all locks
show malloc
show all pools
machine ddbcpu 0
trace
machine ddbcpu 1
trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: aa829d585f3f sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17b217d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=fc1ac0e84ae2b49a13c5
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0398ef4daa5f/disk-aa829d58.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/2765912d6bc9/bsd-aa829d58.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b97fdbf70dce/kernel-aa829d58.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fc1ac0...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "cifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/net/route.c", line 1089
Starting stack trace...
panic(ffffffff8343665d) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833e119e,ffffffff83380a76,441,ffffffff8333d5e1) at __assert+0x29 sys/kern/subr_prf.c:-1
rtrequest(1,ffff80003c9676a8,8,ffff80003c967778,0) at rtrequest+0xf6d sys/net/route.c:1089
rt_ifa_add(ffff80000149f000,40004,ffff80000149f068,0) at rt_ifa_add+0x38d sys/net/route.c:1284
in_ifinit
(ffff80002a8395e8,ffff80000149f000,ffff80003c967898,1) at in_ifinit+0x542 sys/netinet/in.c:-1
pppx_add_session(ffff80000142cf00,ffff800001638800) at pppx_add_session+0x474 sys/net/if_pppx.c:717
VOP_IOCTL(fffffd806f3b4298,82907003,ffff800001638800,1,fffffd8007bfb618,ffff80003c9374b8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806bee0718,82907003,ffff800001638800,ffff80003c9374b8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff80003c9374b8,ffff80003c967cb0,ffff80003c967c00) at sys_ioctl+0x5bf sys/kern/sys_generic.c:-1
syscall(ffff80003c967cb0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c967cb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd388269040, count: 246
End of stack trace.
syncing disks...set $lines = 0
set $maxwidth = 0
show panic
trace
show registers
show proc
ps
show all locks
show malloc
show all pools
machine ddbcpu 0
trace
machine ddbcpu 1
trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages