assert "!ISSET(rt->rt_flags, RTF_LOCAL)" failed in nd6.c (3)
0 views
Skip to first unread message
syzbot
Apr 18, 2024, 11:54:22 PM (13 days ago) Apr 18
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3ed32226cff5 proc_trampoline_mp() was replaced by proc_tra..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=153144f7180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=60bfc238013b71f7eb2e
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/23a3f696d614/disk-3ed32226.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4e736cdaa4b7/bsd-3ed32226.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a3b944f18694/kernel-3ed32226.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+60bfc2...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_LOCAL)" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 685
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
end trace frame: 0xffff8000377e7ad0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_LOCAL)" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 685
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000377e7590
rbx 0xfffffd8069ea94e0
rdx 0
rcx 0
rax 0xffff80002a6e42b0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x37c66624c739255a
r11 0xf9a25ef8f5ae5af7
r12 0
r13 0x200000 acpi_pdirpa+0x1ebe71
r14 0
r15 0x1
rip 0xffffffff8145b06c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff8000377e7580
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.2) tid=338735 pid=16860 tcnt=1 stat=onproc
flags process=800000a<EXEC,EXITING> proc=2000<WEXIT>
runpri=32, usrpri=51, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002f51f750,0xffff80002a62ca60
process=0xffff8000ffff7250 user=0xffff8000377e2000, vmspace=0xfffffd80696236c8
estcpu=1, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
24821 356425 0 0 3 0x14200 acct acct
28336 253495 65437 0 2 0x8000002 syz-executor.7
69801 95301 65437 0 2 0x8000002 syz-executor.5
65644 251908 65437 0 2 0x8000002 syz-executor.3
3991 391616 0 0 3 0x14200 bored sosplice
65437 513486 63793 0 3 0x1a000082 thrsleep syz-fuzzer
65437 226431 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 211597 63793 0 3 0x1e000082 wait syz-fuzzer
65437 458163 63793 0 3 0x1e000082 wait syz-fuzzer
65437 384943 63793 0 3 0x1e000082 wait syz-fuzzer
65437 54850 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 101452 63793 0 3 0x1e000082 wait syz-fuzzer
65437 39280 63793 0 3 0x1e000082 wait syz-fuzzer
65437 448177 63793 0 3 0x1e000082 wait syz-fuzzer
65437 218683 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 325138 63793 0 3 0x1e000082 wait syz-fuzzer
65437 63196 63793 0 3 0x1e000082 wait syz-fuzzer
65437 300223 63793 0 3 0x1e000082 kqread syz-fuzzer
65437 422310 63793 0 3 0x1e000082 thrsleep syz-fuzzer
63793 513150 37199 0 3 0x810008a sigsusp ksh
37199 92836 27674 0 3 0x1800009a kqread sshd
94593 253184 1 0 3 0x18100083 ttyin getty
27674 122481 1 0 3 0x18000088 kqread sshd
70339 148074 83712 73 3 0x19100010 ffs_fsync syslogd
83712 108102 1 0 3 0x18100082 sbwait syslogd
45674 5139 1 0 3 0x18100080 kqread resolvd
65900 398341 78505 77 3 0x18100092 kqread dhcpleased
7029 369069 78505 77 3 0x18100092 kqread dhcpleased
78505 345215 1 0 3 0x18000080 kqread dhcpleased
94794 172737 0 0 3 0x14200 bored smr
81152 96748 0 0 2 0x14200 zerothread
15020 283619 0 0 3 0x14200 aiodoned aiodoned
90808 197573 0 0 2 0x14600 update
84564 242459 0 0 3 0x14200 cleaner cleaner
75331 170354 0 0 2 0x14200 reaper
7709 299432 0 0 3 0x14200 pgdaemon pagedaemon
23988 425230 0 0 3 0x14200 bored viomb
97774 130340 0 0 3 0x40014200 acpi0 acpi0
60704 136372 0 0 3 0x14200 bored softnet3
92183 226179 0 0 3 0x14200 bored softnet2
99717 163251 0 0 3 0x14200 bored softnet1
3147 394093 0 0 3 0x14200 bored softnet0
58151 379407 0 0 2 0x14200 systqmp
6000 513091 0 0 3 0x14200 bored systq
61635 386884 0 0 2 0x40014200 softclock
27160 377597 0 0 3 0x40014200 idle0
1 49401 0 0 3 0x8000082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10172 6412K 6877K 166960K 12876 0
pcb 17 12K 12K 166960K 152 0
rtable 210 6K 8K 166960K 1116 0
pf 29 8K 9K 166960K 98 0
ifaddr 39 10K 11K 166960K 149 0
ifgroup 50 2K 2K 166960K 169 0
sysctl 3 0K 0K 166960K 5 0
counters 30 17K 17K 166960K 62 0
ioctlops 0 0K 2K 166960K 130 0
iov 0 0K 24K 166960K 198 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1420 89K 90K 166960K 2625 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 52 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 117 0
dirhash 12 2K 2K 166960K 30 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 10 33K 97K 166960K 1491 0
sigio 0 0K 0K 166960K 45 0
proc 58 59K 116K 166960K 1176 0
subproc 104 6K 6K 166960K 390 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 147 0
in_multi 83 6K 7K 166960K 368 0
ether_multi 1 0K 0K 166960K 9 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 750 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 274 103K 111K 166960K 14234 0
UVM aobj 131 6K 6K 166960K 146 0
pinsyscall 30 60K 100K 166960K 3202 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 85 0
NDP 11 0K 2K 166960K 103 0
temp 74 6812K 6891K 166960K 56644 0
kqueue 12 18K 26K 166960K 199 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 251 0 248 3 0 3 3 0 8 2
rtentry 112 380 0 285 4 0 4 4 0 8 0
unpcb 144 846 0 833 3 0 3 3 0 8 2
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpqe 32 17 0 17 1 0 1 1 0 8 1
tcpcb 808 398 0 393 8 0 8 8 0 8 7
arp 88 68 0 52 1 0 1 1 0 8 0
ipq 40 4 0 3 1 0 1 1 0 8 0
ipqe 40 56 0 55 1 0 1 1 0 8 0
inpcb 360 1391 0 1383 8 0 8 8 0 8 7
nd6 104 99 0 76 1 0 1 1 0 8 0
pkpcb 40 10 0 10 1 0 1 1 0 8 1
kcovpl 48 30 0 22 1 0 1 1 0 8 0
ppxss 1072 7 0 7 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1461 0 1034 40 11 29 29 0 8 0
art_table 32 1462 0 1034 4 0 4 4 0 8 0
art_node 16 375 0 277 1 0 1 1 0 8 0
sysvmsgpl 40 29 0 24 1 0 1 1 0 8 0
semupl 112 4 0 4 1 0 1 1 0 8 1
semapl 112 113 0 103 1 0 1 1 0 8 0
shmpl 112 143 0 15 4 0 4 4 0 8 0
dirhash 1024 29 0 12 3 0 3 3 0 8 0
dino2pl 256 3498 0 1986 96 0 96 96 0 8 0
ffsino 240 3498 0 1986 90 0 90 90 0 8 0
nchpl 144 5591 0 3861 66 0 66 66 0 8 0
uvmvnodes 80 4507 0 0 92 0 92 92 0 8 0
vnodes 216 4507 0 0 251 0 251 251 0 8 0
namei 1024 20533 0 20533 2 0 2 2 0 8 2
vcpupl 3904 4 0 1 1 0 1 1 0 8 0
vmpool 664 11 0 8 1 0 1 1 0 8 0
kstatmem 264 86 0 64 2 0 2 2 0 8 0
scsiplug 72 6 0 6 1 0 1 1 0 8 1
scxspl 216 38322 0 38321 8 0 8 8 1 8 7
plimitpl 152 190 0 174 1 0 1 1 0 8 0
sigapl 424 1766 0 1722 9 0 9 9 0 8 2
futexpl 64 19044 0 19044 1 0 1 1 0 8 1
knotepl 120 6030 0 5958 12 0 12 12 0 8 8
kqueuepl 184 358 0 350 1 0 1 1 0 8 0
pipepl 288 387 0 364 7 0 7 7 0 8 4
fdescpl 432 1728 0 1707 5 0 5 5 0 8 1
filepl 120 10417 0 10194 16 1 15 16 0 8 7
lockfpl 104 254 0 252 1 0 1 1 0 8 0
lockfspl 48 107 0 105 1 0 1 1 0 8 0
sessionpl 144 45 0 29 1 0 1 1 0 8 0
pgrppl 48 65 0 49 1 0 1 1 0 8 0
ucredpl 104 1673 0 1663 1 0 1 1 0 8 0
zombiepl 144 1732 0 1722 1 0 1 1 0 8 0
processpl 1072 1766 0 1722 5 0 5 5 0 8 0
procpl 656 3103 0 3041 9 0 9 9 0 8 2
sosppl 168 13 0 13 1 0 1 1 0 8 1
sockpl 504 2518 0 2494 21 10 11 18 0 8 8
mcl64k 65536 3 0 3 1 0 1 1 0 8 1
mcl12k 12288 14 0 14 1 0 1 1 0 8 1
mcl9k 9216 17 0 17 1 0 1 1 0 8 1
mcl8k 8192 20 0 20 1 0 1 1 0 8 1
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 26343 0 26245 38 18 20 38 0 8 6
mtagpl 96 32 0 29 1 0 1 1 0 8 0
mbufpl 256 76771 0 76611 83 57 26 65 0 8 8
bufpl 280 9838 0 2888 497 0 497 497 0 8 0
anonpl 24 367002 0 356303 66 0 66 66 0 188 0
amapchunkpl 152 47538 0 46644 38 0 38 38 0 158 0
amappl16 200 8500 0 8372 23 7 16 19 0 8 8
amappl15 192 15 0 15 1 0 1 1 0 8 1
amappl14 184 212 0 201 2 0 2 2 0 8 1
amappl13 176 17 0 17 1 0 1 1 0 8 1
amappl12 168 2683 0 2656 2 0 2 2 0 8 0
amappl11 160 67 0 57 1 0 1 1 0 8 0
amappl10 152 63 0 53 1 0 1 1 0 8 0
amappl9 144 163 0 162 1 0 1 1 0 8 0
amappl8 136 162 0 133 2 0 2 2 0 8 0
amappl7 128 65 0 52 1 0 1 1 0 8 0
amappl6 120 665 0 650 2 0 2 2 0 8 1
amappl5 112 264 0 252 1 0 1 1 0 8 0
amappl4 104 654 0 625 2 0 2 2 0 8 1
amappl3 96 9328 0 9253 3 0 3 3 0 8 0
amappl2 88 2216 0 2144 4 0 4 4 0 8 2
amappl1 80 15045 0 14544 22 2 20 22 0 8 8
amappl 88 13489 0 13305 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 145 0 15 3 0 3 3 0 8 0
uaddrrnd 24 1739 0 1711 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1739 0 1711 1 0 1 1 0 8 0
vmmpekpl 168 16802 0 16739 4 0 4 4 0 8 0
vmmpepl 168 128057 0 126276 112 0 112 112 0 357 27
vmsppl 344 1738 0 1710 4 0 4 4 0 8 0
rwobjpl 24 41776 0 36077 35 0 35 35 0 8 0
pdppl 4096 3484 0 3423 194 127 67 83 0 8 6
pvpl 32 915414 0 897857 361 14 347 361 0 265 194
pmappl 216 1738 0 1710 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 590 0 223 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 3ed32226cff5 proc_trampoline_mp() was replaced by proc_tra..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=153144f7180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=60bfc238013b71f7eb2e
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/23a3f696d614/disk-3ed32226.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4e736cdaa4b7/bsd-3ed32226.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a3b944f18694/kernel-3ed32226.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+60bfc2...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_LOCAL)" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 685
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
end trace frame: 0xffff8000377e7ad0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "!ISSET(rt->rt_flags, RTF_LOCAL)" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 685
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000377e7590
rbx 0xfffffd8069ea94e0
rdx 0
rcx 0
rax 0xffff80002a6e42b0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x37c66624c739255a
r11 0xf9a25ef8f5ae5af7
r12 0
r13 0x200000 acpi_pdirpa+0x1ebe71
r14 0
r15 0x1
rip 0xffffffff8145b06c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff8000377e7580
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.2) tid=338735 pid=16860 tcnt=1 stat=onproc
flags process=800000a<EXEC,EXITING> proc=2000<WEXIT>
runpri=32, usrpri=51, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002f51f750,0xffff80002a62ca60
process=0xffff8000ffff7250 user=0xffff8000377e2000, vmspace=0xfffffd80696236c8
estcpu=1, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
24821 356425 0 0 3 0x14200 acct acct
28336 253495 65437 0 2 0x8000002 syz-executor.7
69801 95301 65437 0 2 0x8000002 syz-executor.5
65644 251908 65437 0 2 0x8000002 syz-executor.3
3991 391616 0 0 3 0x14200 bored sosplice
65437 513486 63793 0 3 0x1a000082 thrsleep syz-fuzzer
65437 226431 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 211597 63793 0 3 0x1e000082 wait syz-fuzzer
65437 458163 63793 0 3 0x1e000082 wait syz-fuzzer
65437 384943 63793 0 3 0x1e000082 wait syz-fuzzer
65437 54850 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 101452 63793 0 3 0x1e000082 wait syz-fuzzer
65437 39280 63793 0 3 0x1e000082 wait syz-fuzzer
65437 448177 63793 0 3 0x1e000082 wait syz-fuzzer
65437 218683 63793 0 3 0x1e000082 thrsleep syz-fuzzer
65437 325138 63793 0 3 0x1e000082 wait syz-fuzzer
65437 63196 63793 0 3 0x1e000082 wait syz-fuzzer
65437 300223 63793 0 3 0x1e000082 kqread syz-fuzzer
65437 422310 63793 0 3 0x1e000082 thrsleep syz-fuzzer
63793 513150 37199 0 3 0x810008a sigsusp ksh
37199 92836 27674 0 3 0x1800009a kqread sshd
94593 253184 1 0 3 0x18100083 ttyin getty
27674 122481 1 0 3 0x18000088 kqread sshd
70339 148074 83712 73 3 0x19100010 ffs_fsync syslogd
83712 108102 1 0 3 0x18100082 sbwait syslogd
45674 5139 1 0 3 0x18100080 kqread resolvd
65900 398341 78505 77 3 0x18100092 kqread dhcpleased
7029 369069 78505 77 3 0x18100092 kqread dhcpleased
78505 345215 1 0 3 0x18000080 kqread dhcpleased
94794 172737 0 0 3 0x14200 bored smr
81152 96748 0 0 2 0x14200 zerothread
15020 283619 0 0 3 0x14200 aiodoned aiodoned
90808 197573 0 0 2 0x14600 update
84564 242459 0 0 3 0x14200 cleaner cleaner
75331 170354 0 0 2 0x14200 reaper
7709 299432 0 0 3 0x14200 pgdaemon pagedaemon
23988 425230 0 0 3 0x14200 bored viomb
97774 130340 0 0 3 0x40014200 acpi0 acpi0
60704 136372 0 0 3 0x14200 bored softnet3
92183 226179 0 0 3 0x14200 bored softnet2
99717 163251 0 0 3 0x14200 bored softnet1
3147 394093 0 0 3 0x14200 bored softnet0
58151 379407 0 0 2 0x14200 systqmp
6000 513091 0 0 3 0x14200 bored systq
61635 386884 0 0 2 0x40014200 softclock
27160 377597 0 0 3 0x40014200 idle0
1 49401 0 0 3 0x8000082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10172 6412K 6877K 166960K 12876 0
pcb 17 12K 12K 166960K 152 0
rtable 210 6K 8K 166960K 1116 0
pf 29 8K 9K 166960K 98 0
ifaddr 39 10K 11K 166960K 149 0
ifgroup 50 2K 2K 166960K 169 0
sysctl 3 0K 0K 166960K 5 0
counters 30 17K 17K 166960K 62 0
ioctlops 0 0K 2K 166960K 130 0
iov 0 0K 24K 166960K 198 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1420 89K 90K 166960K 2625 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 52 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 117 0
dirhash 12 2K 2K 166960K 30 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 10 33K 97K 166960K 1491 0
sigio 0 0K 0K 166960K 45 0
proc 58 59K 116K 166960K 1176 0
subproc 104 6K 6K 166960K 390 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 147 0
in_multi 83 6K 7K 166960K 368 0
ether_multi 1 0K 0K 166960K 9 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 109 493K 493K 166960K 109 0
exec 0 0K 1K 166960K 750 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 274 103K 111K 166960K 14234 0
UVM aobj 131 6K 6K 166960K 146 0
pinsyscall 30 60K 100K 166960K 3202 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 85 0
NDP 11 0K 2K 166960K 103 0
temp 74 6812K 6891K 166960K 56644 0
kqueue 12 18K 26K 166960K 199 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 251 0 248 3 0 3 3 0 8 2
rtentry 112 380 0 285 4 0 4 4 0 8 0
unpcb 144 846 0 833 3 0 3 3 0 8 2
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpqe 32 17 0 17 1 0 1 1 0 8 1
tcpcb 808 398 0 393 8 0 8 8 0 8 7
arp 88 68 0 52 1 0 1 1 0 8 0
ipq 40 4 0 3 1 0 1 1 0 8 0
ipqe 40 56 0 55 1 0 1 1 0 8 0
inpcb 360 1391 0 1383 8 0 8 8 0 8 7
nd6 104 99 0 76 1 0 1 1 0 8 0
pkpcb 40 10 0 10 1 0 1 1 0 8 1
kcovpl 48 30 0 22 1 0 1 1 0 8 0
ppxss 1072 7 0 7 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1461 0 1034 40 11 29 29 0 8 0
art_table 32 1462 0 1034 4 0 4 4 0 8 0
art_node 16 375 0 277 1 0 1 1 0 8 0
sysvmsgpl 40 29 0 24 1 0 1 1 0 8 0
semupl 112 4 0 4 1 0 1 1 0 8 1
semapl 112 113 0 103 1 0 1 1 0 8 0
shmpl 112 143 0 15 4 0 4 4 0 8 0
dirhash 1024 29 0 12 3 0 3 3 0 8 0
dino2pl 256 3498 0 1986 96 0 96 96 0 8 0
ffsino 240 3498 0 1986 90 0 90 90 0 8 0
nchpl 144 5591 0 3861 66 0 66 66 0 8 0
uvmvnodes 80 4507 0 0 92 0 92 92 0 8 0
vnodes 216 4507 0 0 251 0 251 251 0 8 0
namei 1024 20533 0 20533 2 0 2 2 0 8 2
vcpupl 3904 4 0 1 1 0 1 1 0 8 0
vmpool 664 11 0 8 1 0 1 1 0 8 0
kstatmem 264 86 0 64 2 0 2 2 0 8 0
scsiplug 72 6 0 6 1 0 1 1 0 8 1
scxspl 216 38322 0 38321 8 0 8 8 1 8 7
plimitpl 152 190 0 174 1 0 1 1 0 8 0
sigapl 424 1766 0 1722 9 0 9 9 0 8 2
futexpl 64 19044 0 19044 1 0 1 1 0 8 1
knotepl 120 6030 0 5958 12 0 12 12 0 8 8
kqueuepl 184 358 0 350 1 0 1 1 0 8 0
pipepl 288 387 0 364 7 0 7 7 0 8 4
fdescpl 432 1728 0 1707 5 0 5 5 0 8 1
filepl 120 10417 0 10194 16 1 15 16 0 8 7
lockfpl 104 254 0 252 1 0 1 1 0 8 0
lockfspl 48 107 0 105 1 0 1 1 0 8 0
sessionpl 144 45 0 29 1 0 1 1 0 8 0
pgrppl 48 65 0 49 1 0 1 1 0 8 0
ucredpl 104 1673 0 1663 1 0 1 1 0 8 0
zombiepl 144 1732 0 1722 1 0 1 1 0 8 0
processpl 1072 1766 0 1722 5 0 5 5 0 8 0
procpl 656 3103 0 3041 9 0 9 9 0 8 2
sosppl 168 13 0 13 1 0 1 1 0 8 1
sockpl 504 2518 0 2494 21 10 11 18 0 8 8
mcl64k 65536 3 0 3 1 0 1 1 0 8 1
mcl12k 12288 14 0 14 1 0 1 1 0 8 1
mcl9k 9216 17 0 17 1 0 1 1 0 8 1
mcl8k 8192 20 0 20 1 0 1 1 0 8 1
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 26343 0 26245 38 18 20 38 0 8 6
mtagpl 96 32 0 29 1 0 1 1 0 8 0
mbufpl 256 76771 0 76611 83 57 26 65 0 8 8
bufpl 280 9838 0 2888 497 0 497 497 0 8 0
anonpl 24 367002 0 356303 66 0 66 66 0 188 0
amapchunkpl 152 47538 0 46644 38 0 38 38 0 158 0
amappl16 200 8500 0 8372 23 7 16 19 0 8 8
amappl15 192 15 0 15 1 0 1 1 0 8 1
amappl14 184 212 0 201 2 0 2 2 0 8 1
amappl13 176 17 0 17 1 0 1 1 0 8 1
amappl12 168 2683 0 2656 2 0 2 2 0 8 0
amappl11 160 67 0 57 1 0 1 1 0 8 0
amappl10 152 63 0 53 1 0 1 1 0 8 0
amappl9 144 163 0 162 1 0 1 1 0 8 0
amappl8 136 162 0 133 2 0 2 2 0 8 0
amappl7 128 65 0 52 1 0 1 1 0 8 0
amappl6 120 665 0 650 2 0 2 2 0 8 1
amappl5 112 264 0 252 1 0 1 1 0 8 0
amappl4 104 654 0 625 2 0 2 2 0 8 1
amappl3 96 9328 0 9253 3 0 3 3 0 8 0
amappl2 88 2216 0 2144 4 0 4 4 0 8 2
amappl1 80 15045 0 14544 22 2 20 22 0 8 8
amappl 88 13489 0 13305 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 145 0 15 3 0 3 3 0 8 0
uaddrrnd 24 1739 0 1711 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1739 0 1711 1 0 1 1 0 8 0
vmmpekpl 168 16802 0 16739 4 0 4 4 0 8 0
vmmpepl 168 128057 0 126276 112 0 112 112 0 357 27
vmsppl 344 1738 0 1710 4 0 4 4 0 8 0
rwobjpl 24 41776 0 36077 35 0 35 35 0 8 0
pdppl 4096 3484 0 3423 194 127 67 83 0 8 6
pvpl 32 915414 0 897857 361 14 347 361 0 265 194
pmappl 216 1738 0 1710 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 590 0 223 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8292d383) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e2473,ffffffff828addbc,2ad,ffffffff828aad51) at __assert+0x29 sys/kern/subr_prf.c:157
nd6_free(fffffd80736ad548) at nd6_free+0x1f4 sys/netinet6/nd6.c:685
nd6_purge(ffff800000e98800) at nd6_purge+0xf6 sys/netinet6/nd6.c:486
in6_ifdetach(ffff800000e98800) at in6_ifdetach+0xa8 sys/netinet6/in6_ifattach.c:437
if_detach(ffff800000e98800) at if_detach+0x237 sys/net/if.c:1220
tun_clone_destroy(ffff800000e98800) at tun_clone_destroy+0x1ce sys/net/if_tun.c:339
if_clone_destroy(ffff8000377e7880) at if_clone_destroy+0x132 sys/net/if.c:1384
tun_dev_close(5d02,7) at tun_dev_close+0x141 sys/net/if_tun.c:521
spec_close(ffff8000377e7950) at spec_close+0x2d4 sys/kern/spec_vnops.c:538
VOP_CLOSE(fffffd8073304020,7,fffffd807f7d7548,ffff80002a6e42b0) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:156
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd807544fca8,ffff80002a6e42b0) at vn_closefile+0xd5 sys/kern/vfs_vnops.c:609
fdrop(fffffd807544fca8,ffff80002a6e42b0) at fdrop+0xd5 sys/kern/kern_descrip.c:1274
closef(fffffd807544fca8,ffff80002a6e42b0) at closef+0x11b sys/kern/kern_descrip.c:1258
fdfree(ffff80002a6e42b0) at fdfree+0xe3 sys/kern/kern_descrip.c:1190
exit1(ffff80002a6e42b0,0,9,1) at exit1+0x371 sys/kern/kern_exit.c:199
sigexit(ffff80002a6e42b0,9) at sigexit+0xcd sys/kern/kern_sig.c:1594
postsig(ffff80002a6e42b0,9,ffff8000377e7d28) at postsig+0x554 sys/kern/kern_sig.c:1521
userret(ffff80002a6e42b0) at userret+0x14e sys/kern/kern_sig.c:2017
syscall(ffff8000377e7e60) at syscall+0x7e8 mi_syscall_return sys/sys/syscall_mi.h:207 [inline]
syscall(ffff8000377e7e60) at syscall+0x7e8 sys/arch/amd64/amd64/trap.c:598
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c411075cde0, count: -22
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages