
assert "ifa == rt->rt_ifa" failed in nd6.c

Status: fixed on 2019/09/29 08:30
Reported-by: syzbot+43d18b34f2a4379210f7@syzkaller.appspotmail.com
Fix commit: bdbfbec5cea8 Do more sanity checks when accepting socket addresses in routing messages from user land. Inspect length field early in rtm_xaddrs(). Strings must be NUL terminated. The socket address type and length depend on the routing message type. Currently checks are not super strict to avoid too much user land fallout. OK mpi@ Reported-by: syzbot+638dbf7851da8e255af5@syzkaller.appspotmail.com
First crash: 1881d, last: 1880d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "ifa == rt->rt_ifa" failed in nd6.c (3) 2 982d 1008d 0/3 auto-closed as invalid on 2022/06/13 13:18
openbsd assert "ifa == rt->rt_ifa" failed in nd6.c (4) 1 707d 707d 0/3 auto-obsoleted due to no activity on 2023/03/15 01:21
openbsd assert "ifa == rt->rt_ifa" failed in nd6.c (2) 262 1843d 1880d 0/3 auto-closed as invalid on 2020/01/04 20:58

Sample crash report:
panic: kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*344139  94560      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e49ce,ffffffff821c70b3,3b3,ffffffff821a05f0) at __assert+0x2b sys/kern/subr_prf.c:154
nd6_rtrequest(ffff800000ae3000,1,fffffd802ea8b938) at nd6_rtrequest+0xbb4 sys/netinet6/nd6.c:947
rtrequest(1,ffff800016b29d58,1,ffff800016b29e28,0) at rtrequest+0x9be sys/net/route.c:973
rt_ifa_add(ffff800000a74400,240404,ffff800000a74458,0) at rt_ifa_add+0x290 sys/net/route.c:1133
rt_ifa_addlocal(ffff800000a74400) at rt_ifa_addlocal+0x149 sys/net/route.c:1242
in_ifinit(ffff800000ae3000,ffff800000a74400,ffff800016b2a150,0) at in_ifinit+0x1cf sys/netinet/in.c:614
in_ioctl_sifaddr(8020690c,ffff800016b2a140,ffff800000ae3000,1) at in_ioctl_sifaddr+0x208 sys/netinet/in.c:360
in_ioctl(8020690c,ffff800016b2a140,ffff800000ae3000,1) at in_ioctl+0x1e7 sys/netinet/in.c:231
ifioctl(fffffd8038553300,8020690c,ffff800016b2a140,ffff8000ffff2018) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff2018,ffff800016b2a258,ffff800016b2a2a0) at sys_ioctl+0x5b9
syscall(ffff800016b2a320) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,aff218e7010) at Xsyscall+0x128
end of kernel
end trace frame: 0xb01ebbc77e0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e49ce,ffffffff821c70b3,3b3,ffffffff821a05f0) at __assert+0x2b sys/kern/subr_prf.c:154
nd6_rtrequest(ffff800000ae3000,1,fffffd802ea8b938) at nd6_rtrequest+0xbb4 sys/netinet6/nd6.c:947
rtrequest(1,ffff800016b29d58,1,ffff800016b29e28,0) at rtrequest+0x9be sys/net/route.c:973
rt_ifa_add(ffff800000a74400,240404,ffff800000a74458,0) at rt_ifa_add+0x290 sys/net/route.c:1133
rt_ifa_addlocal(ffff800000a74400) at rt_ifa_addlocal+0x149 sys/net/route.c:1242
in_ifinit(ffff800000ae3000,ffff800000a74400,ffff800016b2a150,0) at in_ifinit+0x1cf sys/netinet/in.c:614
in_ioctl_sifaddr(8020690c,ffff800016b2a140,ffff800000ae3000,1) at in_ioctl_sifaddr+0x208 sys/netinet/in.c:360
in_ioctl(8020690c,ffff800016b2a140,ffff800000ae3000,1) at in_ioctl+0x1e7 sys/netinet/in.c:231
ifioctl(fffffd8038553300,8020690c,ffff800016b2a140,ffff8000ffff2018) at ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff2018,ffff800016b2a258,ffff800016b2a2a0) at sys_ioctl+0x5b9
syscall(ffff800016b2a320) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,aff218e7010) at Xsyscall+0x128
end of kernel
end trace frame: 0xb01ebbc77e0, count: -14
ddb> show registers
rdi               0xffffffff8191b2f7    db_enter+0x17
rsi                           0x46df    __ALIGN_SIZE+0x36df
rbp               0xffff800016b29a90
rbx               0xffff800016b29b40
rdx                           0x46e0    __ALIGN_SIZE+0x36e0
rcx               0xffff80001591b000
rax               0xffff80001591b000
r8                0xffff800016b29a50
r9                               0x1
r10               0xffff800000a649c0
r11               0x24371522e9cf3741
r12                     0x3000000008
r13               0xffff800016b29aa0
r14                            0x100
r15                              0x1
rip               0xffffffff8191b2f8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800016b29a80
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=344139 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff29f8,0xffffffff825602a0
    process=0xffff8000ffff6d90 user=0xffff800016b25000, vmspace=0xfffffd803f013cc0
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 94560  202188  42616      0  2           0                syz-executor.0
*94560  344139  42616      0  7   0x4000000                syz-executor.0
 42616  255348  88034      0  3        0x82  nanosleep     syz-executor.0
 46039  185011  88034      0  2         0x2                syz-executor.1
 40205  437502      0      0  3     0x14200  bored         sosplice
 88034   45605  90169      0  3        0x82  thrsleep      syz-fuzzer
 88034  355644  90169      0  3   0x4000082  nanosleep     syz-fuzzer
 88034  500233  90169      0  3   0x4000082  kqread        syz-fuzzer
 88034   45553  90169      0  3   0x4000082  thrsleep      syz-fuzzer
 88034  173188  90169      0  3   0x4000082  thrsleep      syz-fuzzer
 88034  463132  90169      0  3   0x4000082  thrsleep      syz-fuzzer
 88034  155605  90169      0  3   0x4000082  thrsleep      syz-fuzzer
 90169  400372  58737      0  3    0x10008a  pause         ksh
 58737  286537  78400      0  3        0x92  select        sshd
 62824  292617      1      0  3    0x100083  ttyin         getty
 78400  385291      1      0  3        0x80  select        sshd
 97425  450466  27128     73  3    0x100090  kqread        syslogd
 27128  204774      1      0  3    0x100082  netio         syslogd
 40034  395295      0      0  2     0x14200                zerothread
 86792  269339      0      0  3     0x14200  aiodoned      aiodoned
 67132  333424      0      0  3     0x14200  syncer        update
 57914  281965      0      0  3     0x14200  cleaner       cleaner
 71439  446592      0      0  3     0x14200  reaper        reaper
 34946  365507      0      0  3     0x14200  pgdaemon      pagedaemon
 23192   71153      0      0  3     0x14200  bored         crynlk
 21666  521410      0      0  3     0x14200  bored         crypto
 38128  108287      0      0  3  0x40014200  acpi0         acpi0
 60089  512730      0      0  3     0x14200  bored         softnet
 54697  339655      0      0  3     0x14200  bored         systqmp
 41531   10067      0      0  3     0x14200  bored         systq
 70648  223564      0      0  3  0x40014200  bored         softclock
 33645  227339      0      0  3  0x40014200                idle0
 81256  511937      0      0  3     0x14200  bored         smr
     1  378657      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9507   6280K    6730K  78643K     11679        0        0
            pcb    13      8K       9K  78643K       151        0        0
         rtable   119      5K       5K  78643K       384        0        0
         ifaddr    64     14K      14K  78643K       139        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K        29        0        0
            iov     0      0K      16K  78643K       108        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1208     76K      77K  78643K      1626        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       9K  78643K         9        0        0
         VM map     2      0K       0K  78643K         2        0        0
            sem    12      0K       0K  78643K        94        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1793    195K     288K  78643K     12645        0        0
      file desc     5     13K      25K  78643K       501        0        0
          sigio     0      0K       0K  78643K        12        0        0
           proc    45     30K      54K  78643K       479        0        0
        subproc    32      2K       2K  78643K        68        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K        57        0        0
       in_multi    34      2K       2K  78643K        66        0        0
    ether_multi     1      0K       0K  78643K         1        0        0
            mrt     0      0K       0K  78643K         1        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    78    344K     344K  78643K        78        0        0
           exec     0      0K       1K  78643K       256        0        0
     pfkey data     0      0K       0K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    89     21K      23K  78643K      2075        0        0
       UVM aobj    16      2K       2K  78643K        24        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K        94        0        0
            NDP    13      0K       0K  78643K        39        0        0
           temp   162   3532K    3604K  78643K     12562        0        0
         kqueue     0      0K       0K  78643K        12        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       20    0       15     1     0     1     1     0     8    0
rtpcb       80       63    0       63     2     1     1     1     0     8    1
rtentry    112      103    0       55     2     0     2     2     0     8    0
unpcb      120      210    0      204     1     0     1     1     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
tcpqe       32     7628    0     7628     2     2     0     2     0     8    0
tcpcb      544      188    0      184     3     2     1     3     0     8    0
ipq         40        2    0        2     1     1     0     1     0     8    0
ipqe        40        4    0        4     1     1     0     1     0     8    0
inpcb      280      559    0      553     7     5     2     4     0     8    1
nd6         48       10    0        4     1     0     1     1     0     8    0
pkpcb       40        4    0        4     2     1     1     1     0     8    1
ppxss      1128       9    0        9     2     1     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      380    0      139    17     1    16    16     0     8    0
art_table   32      381    0      139     2     0     2     2     0     8    0
art_node    16      100    0       59     1     0     1     1     0     8    0
sysvmsgpl   40       15    0        6     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       92    0       82     1     0     1     1     0     8    0
shmpl      112       22    0        8     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     2163    0      772    46     0    46    46     0     8    0
ffsino     240     2163    0      772    83     0    83    83     0     8    0
nchpl      144     3398    0     1798    61     0    61    61     0     8    0
uvmvnodes   72     2475    0        0    45     0    45    45     0     8    0
vnodes     208     2475    0        0   131     0   131   131     0     8    0
namei      1024    9812    0     9812     4     3     1     1     0     8    1
scxspl     192    12926    0    12926    11    10     1     7     0     8    1
plimitpl   152       72    0       66     1     0     1     1     0     8    0
sigapl     432      666    0      655     2     0     2     2     0     8    0
futexpl     56    14960    0    14960     3     2     1     1     0     8    1
knotepl    112      760    0      741     4     2     2     2     0     8    1
kqueuepl   104     1674    0     1672     2     1     1     2     0     8    0
pipepl     112      378    0      359     2     1     1     1     0     8    0
fdescpl    424      667    0      655     2     0     2     2     0     8    0
filepl     120     6757    0     6667     8     3     5     5     0     8    2
lockfpl    104      164    0      164     2     1     1     1     0     8    1
lockfspl    48       57    0       57     2     1     1     1     0     8    1
sessionpl  112       19    0       11     1     0     1     1     0     8    0
pgrppl      48       23    0       15     1     0     1     1     0     8    0
ucredpl     96      672    0      666     1     0     1     1     0     8    0
zombiepl   144      655    0      655     3     2     1     1     0     8    1
processpl  864      682    0      655     4     0     4     4     0     8    0
procpl     632     1282    0     1248     4     0     4     4     0     8    0
sosppl     128       15    0       15     3     2     1     1     0     8    1
sockpl     384      842    0      830     8     5     3     5     0     8    1
mcl64k     65536     35    0       35     2     1     1     1     0     8    1
mcl16k     16384      5    0        5     3     2     1     1     0     8    1
mcl12k     12288     17    0       17     2     1     1     1     0     8    1
mcl9k      9216       7    0        7     2     1     1     1     0     8    1
mcl8k      8192      24    0       24     2     1     1     1     0     8    1
mcl4k      4096      57    0       57     3     2     1     1     0     8    1
mcl2k2     2112      11    0       11     4     3     1     1     0     8    1
mcl2k      2048   52183    0    52140    38    31     7    29     0     8    1
mtagpl      80       22    0       20     2     1     1     1     0     8    0
mbufpl     256    88589    0    88497    26    15    11    17     0     8    4
bufpl      256     8953    0     2846   382     0   382   382     0     8    0
anonpl      16    78327    0    62427    84     8    76    82     0    62    9
amapchunkpl 152    3570    0     3472    17     8     9    15     0   158    4
amappl16   192     3158    0     2257    50     3    47    47     0     8    1
amappl15   184        8    0        8     1     1     0     1     0     8    0
amappl14   176       42    0       38     2     1     1     1     0     8    0
amappl13   168       24    0       22     1     0     1     1     0     8    0
amappl12   160        7    0        4     1     0     1     1     0     8    0
amappl11   152       53    0       49     1     0     1     1     0     8    0
amappl10   144      145    0      143     2     1     1     1     0     8    0
amappl9    136      906    0      896     1     0     1     1     0     8    0
amappl8    128      467    0      440     1     0     1     1     0     8    0
amappl7    120      180    0      174     1     0     1     1     0     8    0
amappl6    112       71    0       62     1     0     1     1     0     8    0
amappl5    104      163    0      156     1     0     1     1     0     8    0
amappl4     96      881    0      859     1     0     1     1     0     8    0
amappl3     88      135    0      130     1     0     1     1     0     8    0
amappl2     80     4416    0     4358     4     2     2     3     0     8    0
amappl1     72    21757    0    21377    26    16    10    20     0     8    0
amappl      80     1552    0     1521     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64       23    0        8     1     0     1     1     0     8    0
uaddrrnd    24      667    0      655     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      667    0      655     1     0     1     1     0     8    0
vmmpekpl   168     8630    0     8603     2     0     2     2     0     8    0
vmmpepl    168    86008    0    84141   176    65   111   115     0   357   24
vmsppl     272      666    0      655     2     1     1     2     0     8    0
pdppl      4096    1340    0     1310     6     1     5     6     0     8    0
pvpl        32   277571    0   258667   323    53   270   297     0   265  115
pmappl     200      666    0      655     1     0     1     1     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      577    0       62    15     0    15    15     0     8    0

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/09/29 07:39 openbsd dc01f72605a6 eb6b9855 .config console log report ci-openbsd-main
2019/09/29 07:02 openbsd dc01f72605a6 eb6b9855 .config console log report ci-openbsd-main
2019/09/29 06:18 openbsd b7ac218179b1 eb6b9855 .config console log report ci-openbsd-multicore
2019/09/29 03:58 openbsd dc01f72605a6 eb6b9855 .config console log report ci-openbsd-main
2019/09/29 00:23 openbsd dc01f72605a6 eb6b9855 .config console log report ci-openbsd-main
2019/09/28 13:48 openbsd dd0887e41377 eb6b9855 .config console log report ci-openbsd-main
2019/09/28 12:28 openbsd dd0887e41377 eb6b9855 .config console log report ci-openbsd-main
2019/09/28 06:53 openbsd 81b7b661bdbb d8074e0b .config console log report ci-openbsd-main
2019/09/28 05:38 openbsd 81b7b661bdbb d8074e0b .config console log report ci-openbsd-main
* Struck through repros no longer work on HEAD.