panic: kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *310011 41493 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e578d,ffffffff821c7dfa,3b3,ffffffff821a1f94) at __assert+0x2b sys/kern/subr_prf.c:154 nd6_rtrequest(ffff800000b10000,1,fffffd803e2de7e8) at nd6_rtrequest+0xbb4 sys/netinet6/nd6.c:947 rtrequest(1,ffff800015931b78,1,ffff800015931c48,0) at rtrequest+0x9be sys/net/route.c:973 rt_ifa_add(ffff800000a98600,240404,ffff800000a98658,0) at rt_ifa_add+0x290 sys/net/route.c:1133 rt_ifa_addlocal(ffff800000a98600) at rt_ifa_addlocal+0x149 sys/net/route.c:1242 in_ifinit(ffff800000b10000,ffff800000a98600,ffff800015931f70,0) at in_ifinit+0x1cf sys/netinet/in.c:614 in_ioctl_sifaddr(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl_sifaddr+0x208 sys/netinet/in.c:360 in_ioctl(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl+0x1e7 sys/netinet/in.c:231 ifioctl(fffffd802e7c8da8,8020690c,ffff800015931f60,ffff8000ffff29f8) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000ffff29f8,ffff800015932078,ffff8000159320c0) at sys_ioctl+0x5b9 syscall(ffff800015932140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,fa98f9d21b0) at Xsyscall+0x128 end of kernel end trace frame: 0xfac38eb4680, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e578d,ffffffff821c7dfa,3b3,ffffffff821a1f94) at __assert+0x2b sys/kern/subr_prf.c:154 nd6_rtrequest(ffff800000b10000,1,fffffd803e2de7e8) at nd6_rtrequest+0xbb4 sys/netinet6/nd6.c:947 rtrequest(1,ffff800015931b78,1,ffff800015931c48,0) at rtrequest+0x9be sys/net/route.c:973 rt_ifa_add(ffff800000a98600,240404,ffff800000a98658,0) at rt_ifa_add+0x290 sys/net/route.c:1133 rt_ifa_addlocal(ffff800000a98600) at rt_ifa_addlocal+0x149 sys/net/route.c:1242 in_ifinit(ffff800000b10000,ffff800000a98600,ffff800015931f70,0) at in_ifinit+0x1cf sys/netinet/in.c:614 in_ioctl_sifaddr(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl_sifaddr+0x208 sys/netinet/in.c:360 in_ioctl(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl+0x1e7 sys/netinet/in.c:231 ifioctl(fffffd802e7c8da8,8020690c,ffff800015931f60,ffff8000ffff29f8) at ifioctl+0xb34 sys/net/if.c:2202 sys_ioctl(ffff8000ffff29f8,ffff800015932078,ffff8000159320c0) at sys_ioctl+0x5b9 syscall(ffff800015932140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff36,0,3,fa98f9d21b0) at Xsyscall+0x128 end of kernel end trace frame: 0xfac38eb4680, count: -14 ddb> show registers rdi 0xffffffff81d502a7 db_enter+0x17 rsi 0x47ad __ALIGN_SIZE+0x37ad rbp 0xffff8000159318b0 rbx 0xffff800015931960 rdx 0x47ae __ALIGN_SIZE+0x37ae rcx 0xffff800017727000 rax 0xffff800017727000 r8 0xffff800015931870 r9 0x1 r10 0xffff800000b04800 r11 0x4293eb2968f76bd3 r12 0x3000000008 r13 0xffff8000159318c0 r14 0x100 r15 0x1 rip 0xffffffff81d502a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000159318a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=310011 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffff8000ffff2c80 process=0xffff8000ffff70f0 user=0xffff80001592d000, vmspace=0xfffffd803f014440 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 40997 275956 52951 0 2 0 syz-executor.1 40997 334483 52951 0 3 0x4000080 fsleep syz-executor.1 41493 270818 29708 0 2 0 syz-executor.0 41493 376026 29708 0 3 0x4000080 ttyin syz-executor.0 41493 140632 29708 0 3 0x4000080 ttyin syz-executor.0 *41493 310011 29708 0 7 0x4000000 syz-executor.0 63787 371239 0 0 3 0x14200 acct acct 52951 276081 3156 0 2 0x482 syz-executor.1 29708 519650 3156 0 3 0x82 nanosleep syz-executor.0 56380 54342 1 0 3 0x100083 ttyin getty 31758 499427 0 0 3 0x14200 bored sosplice 3156 164433 30416 0 3 0x82 thrsleep syz-fuzzer 3156 83032 30416 0 3 0x4000082 thrsleep syz-fuzzer 3156 462905 30416 0 3 0x4000082 kqread syz-fuzzer 3156 245298 30416 0 3 0x4000082 thrsleep syz-fuzzer 3156 110980 30416 0 3 0x4000082 thrsleep syz-fuzzer 3156 176241 30416 0 3 0x4000082 thrsleep syz-fuzzer 3156 347975 30416 0 3 0x4000082 thrsleep syz-fuzzer 30416 505227 60724 0 3 0x10008a pause ksh 60724 423922 56252 0 3 0x92 select sshd 56252 443913 1 0 3 0x80 select sshd 39493 167175 3843 73 3 0x100090 kqread syslogd 3843 143201 1 0 3 0x100082 netio syslogd 43995 359567 1 77 3 0x100090 poll dhclient 53682 498270 1 0 3 0x80 poll dhclient 78133 502080 0 0 2 0x14200 zerothread 56500 60295 0 0 3 0x14200 aiodoned aiodoned 40087 129651 0 0 3 0x14200 syncer update 665 177636 0 0 3 0x14200 cleaner cleaner 34501 58255 0 0 3 0x14200 reaper reaper 96920 99455 0 0 3 0x14200 pgdaemon pagedaemon 63516 472103 0 0 3 0x14200 bored crynlk 46457 260292 0 0 3 0x14200 bored crypto 1294 15188 0 0 3 0x40014200 acpi0 acpi0 95833 300577 0 0 3 0x14200 bored softnet 77943 112704 0 0 3 0x14200 bored systqmp 42114 36731 0 0 3 0x14200 bored systq 56392 156262 0 0 3 0x40014200 bored softclock 68530 284128 0 0 3 0x40014200 idle0 69199 330474 0 0 3 0x14200 bored smr 1 429301 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9585 6447K 7768K 78643K 21768 0 0 pcb 13 10K 12K 78643K 883 0 0 rtable 126 9K 9K 78643K 1695 0 0 ifaddr 84 17K 18K 78643K 496 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 162 0 0 iov 0 0K 32K 78643K 791 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1215 76K 77K 78643K 5267 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 54 0 0 VM map 2 0K 0K 78643K 14 0 0 sem 12 0K 1K 78643K 523 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 3320 0 0 sigio 0 0K 0K 78643K 52 0 0 proc 49 38K 63K 78643K 1125 0 0 subproc 32 2K 2K 78643K 214 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 186 0 0 in_multi 29 1K 2K 78643K 243 0 0 ether_multi 1 0K 0K 78643K 16 0 0 mrt 2 0K 0K 78643K 31 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 150 662K 662K 78643K 150 0 0 exec 0 0K 1K 78643K 662 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 121 22K 40K 78643K 10132 0 0 UVM aobj 106 4K 4K 78643K 142 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 711 0 0 NDP 20 0K 0K 78643K 147 0 0 temp 226 3540K 4180K 78643K 113882 0 0 kqueue 0 0K 0K 78643K 23 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 59 0 54 1 0 1 1 0 8 0 rtpcb 80 582 0 580 1 0 1 1 0 8 0 rtentry 112 318 0 271 2 0 2 2 0 8 0 unpcb 120 1924 0 1908 2 0 2 2 0 8 1 syncache 264 13 0 13 7 6 1 1 0 8 1 tcpqe 32 6437 0 6437 2 2 0 1 0 8 0 tcpcb 544 2128 0 2122 2 1 1 2 0 8 0 ipq 40 19 0 19 8 8 0 1 0 8 0 ipqe 40 48 0 48 8 8 0 1 0 8 0 inpcb 280 5174 0 5163 25 23 2 13 0 8 1 rttmr 72 10 0 9 8 7 1 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 1 0 1 1 1 0 1 0 8 0 nd6 48 32 0 27 4 3 1 1 0 8 0 pkpcb 40 18 0 18 8 7 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 64 0 64 21 21 0 1 0 8 0 art_heap8 4096 13 0 11 9 7 2 3 0 8 0 art_heap4 256 1337 0 1050 33 15 18 18 0 8 0 art_table 32 1350 0 1061 4 1 3 3 0 8 0 art_node 16 313 0 270 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 521 0 511 1 0 1 1 0 8 0 shmpl 112 140 0 36 4 1 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7562 0 6163 46 0 46 46 0 8 0 ffsino 240 7562 0 6163 84 0 84 84 0 8 0 nchpl 144 12687 0 11073 60 0 60 60 0 8 0 uvmvnodes 72 6397 0 0 117 0 117 117 0 8 0 vnodes 208 6397 0 0 337 0 337 337 0 8 0 namei 1024 52380 0 52380 3 2 1 1 0 8 1 vmpool 520 12 0 12 6 6 0 1 0 8 0 scsiplug 64 3 0 3 2 2 0 1 0 8 0 scxspl 192 41556 0 41556 26 24 2 7 0 8 2 plimitpl 152 265 0 258 1 0 1 1 0 8 0 sigapl 432 3463 0 3449 2 0 2 2 0 8 0 futexpl 56 91858 0 91857 1 0 1 1 0 8 0 knotepl 112 795 0 776 3 2 1 3 0 8 0 kqueuepl 104 837 0 835 1 0 1 1 0 8 0 pipepl 112 1788 0 1769 9 8 1 2 0 8 0 fdescpl 424 3464 0 3449 2 0 2 2 0 8 0 filepl 120 37645 0 37532 24 20 4 11 0 8 0 lockfpl 104 2818 0 2817 1 0 1 1 0 8 0 lockfspl 48 856 0 855 1 0 1 1 0 8 0 sessionpl 112 29 0 19 1 0 1 1 0 8 0 pgrppl 48 57 0 47 1 0 1 1 0 8 0 ucredpl 96 11456 0 11448 1 0 1 1 0 8 0 zombiepl 144 3452 0 3452 3 2 1 1 0 8 1 processpl 864 3483 0 3452 4 0 4 4 0 8 0 procpl 632 8804 0 8763 12 7 5 5 0 8 1 sosppl 128 62 0 62 18 18 0 1 0 8 0 sockpl 384 7756 0 7727 45 40 5 21 0 8 2 mcl64k 65536 515 0 515 38 37 1 32 0 8 1 mcl16k 16384 35 0 35 18 17 1 1 0 8 1 mcl12k 12288 81 0 81 17 16 1 1 0 8 1 mcl9k 9216 55 0 55 18 17 1 1 0 8 1 mcl8k 8192 112 0 112 14 13 1 1 0 8 1 mcl4k 4096 425 0 425 2 1 1 1 0 8 1 mcl2k2 2112 28 0 28 15 14 1 1 0 8 1 mcl2k 2048 58664 0 58619 20 13 7 12 0 8 0 mtagpl 80 855 0 733 9 6 3 4 0 8 0 mbufpl 256 125584 0 125224 98 73 25 47 0 8 1 bufpl 256 19530 0 13122 401 0 401 401 0 8 0 anonpl 16 400119 0 383809 242 160 82 84 0 62 13 amapchunkpl 152 20068 0 19950 88 79 9 19 0 158 1 amappl16 192 20862 0 19931 221 166 55 59 0 8 8 amappl15 184 95 0 95 1 1 0 1 0 8 0 amappl14 176 573 0 567 2 1 1 1 0 8 0 amappl12 160 1366 0 1362 1 0 1 1 0 8 0 amappl11 152 1004 0 993 1 0 1 1 0 8 0 amappl10 144 341 0 337 1 0 1 1 0 8 0 amappl9 136 704 0 698 1 0 1 1 0 8 0 amappl8 128 312 0 269 2 0 2 2 0 8 0 amappl7 120 390 0 382 1 0 1 1 0 8 0 amappl6 112 986 0 976 1 0 1 1 0 8 0 amappl5 104 1591 0 1581 1 0 1 1 0 8 0 amappl4 96 3254 0 3227 1 0 1 1 0 8 0 amappl3 88 1016 0 1010 1 0 1 1 0 8 0 amappl2 80 26526 0 26450 4 2 2 3 0 8 0 amappl1 72 74679 0 74267 28 19 9 20 0 8 0 amappl 80 9227 0 9186 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 141 0 36 2 0 2 2 0 8 0 uaddrrnd 24 3476 0 3449 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3476 0 3449 1 0 1 1 0 8 0 vmmpekpl 168 27129 0 27101 2 0 2 2 0 8 0 vmmpepl 168 423624 0 421533 327 228 99 127 0 357 5 vmsppl 272 3463 0 3449 4 3 1 2 0 8 0 pdppl 4096 6958 0 6922 6 1 5 6 0 8 0 pvpl 32 1045228 0 1025693 432 238 194 222 0 265 32 pmappl 200 3475 0 3461 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 737 0 185 16 0 16 16 0 8 0