assert "ifa == rt->rt_ifa" failed in nd6.c (4)


syzbot

Dec 14, 2022, 8:21:40 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 635d3c69cac3 regen
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11fee0ab880000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=e1a22f33c4a5bc5b98ed

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/18be6efb302c/disk-635d3c69.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/d5366301b831/bsd-635d3c69.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8ca3ce595c37/kernel-635d3c69.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e1a22f...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet6/nd6.c", line 910
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
109391 26667 0 0 0 0 syz-executor.7
* 31650 26667 0 0 0x4000000 1K syz-executor.7
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825abdbc) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff82622021,ffffffff82615ff1,38e,ffffffff825c145e) at __assert+0x25 sys/kern/subr_prf.c:157
nd6_rtrequest(ffff800000c34800,b,fffffd806ee55540) at nd6_rtrequest+0x8bc sys/netinet6/nd6.c:910
rtrequest(b,ffff80002ff84bd8,3,ffff80002ff84c78,0) at rtrequest+0xa2a sys/net/route.c:969
rt_clone(ffff80002ff84ce8,fffffd805ac6aac8,0) at rt_clone+0x78 sys/net/route.c:257
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc rt_match sys/net/route.c:235 [inline]
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc sys/net/route.c:350
in6_selectroute(ffff80002ff84e20,ffff800000bed400,fffffd805ac6aab8,0) at in6_selectroute+0x12d sys/netinet6/in6_src.c:344
ip6_output(fffffd8058a8b700,ffff800000bed400,fffffd805ac6aab8,0,0,fffffd805ac6aa40) at ip6_output+0xcc5 sys/netinet6/ip6_output.c:472
rip6_output(fffffd8058a8b700,fffffd805ac40da0,ffff80002ff85068,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:516
rip6_send(fffffd805ac40da0,fffffd8058a8b700,0,0) at rip6_send+0x11b sys/netinet6/raw_ip6.c:770
sosend(fffffd805ac40da0,0,ffff80002ff85278,0,0,0) at sosend+0x69e
dofilewritev(ffff8000239627e8,4,ffff80002ff85278,0,ffff80002ff85360) at dofilewritev+0x19c sys/kern/sys_generic.c:375
sys_write(ffff8000239627e8,ffff80002ff85318,ffff80002ff85360) at sys_write+0x83 sys/kern/sys_generic.c:295
end trace frame: 0xffff80002ff853d0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/syzkaller/managers/multicore/kernel/sys/netinet6/nd6.c", line 910
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825abdbc) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff82622021,ffffffff82615ff1,38e,ffffffff825c145e) at __assert+0x25 sys/kern/subr_prf.c:157
nd6_rtrequest(ffff800000c34800,b,fffffd806ee55540) at nd6_rtrequest+0x8bc sys/netinet6/nd6.c:910
rtrequest(b,ffff80002ff84bd8,3,ffff80002ff84c78,0) at rtrequest+0xa2a sys/net/route.c:969
rt_clone(ffff80002ff84ce8,fffffd805ac6aac8,0) at rt_clone+0x78 sys/net/route.c:257
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc rt_match sys/net/route.c:235 [inline]
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc sys/net/route.c:350
in6_selectroute(ffff80002ff84e20,ffff800000bed400,fffffd805ac6aab8,0) at in6_selectroute+0x12d sys/netinet6/in6_src.c:344
ip6_output(fffffd8058a8b700,ffff800000bed400,fffffd805ac6aab8,0,0,fffffd805ac6aa40) at ip6_output+0xcc5 sys/netinet6/ip6_output.c:472
rip6_output(fffffd8058a8b700,fffffd805ac40da0,ffff80002ff85068,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:516
rip6_send(fffffd805ac40da0,fffffd8058a8b700,0,0) at rip6_send+0x11b sys/netinet6/raw_ip6.c:770
sosend(fffffd805ac40da0,0,ffff80002ff85278,0,0,0) at sosend+0x69e
dofilewritev(ffff8000239627e8,4,ffff80002ff85278,0,ffff80002ff85360) at dofilewritev+0x19c sys/kern/sys_generic.c:375
sys_write(ffff8000239627e8,ffff80002ff85318,ffff80002ff85360) at sys_write+0x83 sys/kern/sys_generic.c:295
syscall(ffff80002ff853e0) at syscall+0x4c2 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002ff853e0) at syscall+0x4c2 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf969284f7b0, count: -16
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002ff84920
rbx 0xffff800020dd9b8f
rdx 0xffff800000d19f80
rcx 0
rax 0xffff8000239627e8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x676f696919ef514a
r11 0x6039639db2ab8634
r12 0xffff800020dd9990
r13 0
r14 0
r15 0x1
rip 0xffffffff81176258 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002ff84910
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.7) pid=31650 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800023963a48,0xffffffff82a522c0
process=0xffff8000296210d8 user=0xffff80002ff80000, vmspace=0xfffffd80649c28c8
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90289 468676 90829 0 2 0 syz-executor.2
90289 174876 90829 0 3 0x4000080 fsleep syz-executor.2
26667 109391 77131 0 7 0 syz-executor.7
*26667 31650 77131 0 7 0x4000000 syz-executor.7
96388 181965 17550 0 3 0x90 nanoslp syz-executor.1
96388 248433 17550 0 3 0x4000090 fsleep syz-executor.1
96388 250735 17550 0 3 0x4000090 fsleep syz-executor.1
96388 55459 17550 0 3 0x4000090 fsleep syz-executor.1
56824 112137 81010 0 2 0 syz-executor.0
56824 478904 81010 0 3 0x4000080 fsleep syz-executor.0
51371 486060 68560 0 2 0 syz-executor.4
51371 72828 68560 0 3 0x4000080 netcon2 syz-executor.4
51371 444338 68560 0 2 0x4000000 syz-executor.4
68847 3207 95204 0 2 0 syz-executor.6
68847 450687 95204 0 3 0x4000080 fsleep syz-executor.6
99797 224372 52973 0 2 0 syz-executor.5
99797 47 52973 0 3 0x4000080 fsleep syz-executor.5
80000 274622 78505 0 3 0x80 nanoslp syz-executor.3
80000 274333 78505 0 3 0x4000080 fifor syz-executor.3
80000 109437 78505 0 2 0x4000000 syz-executor.3
80000 92565 78505 0 2 0x4000000 syz-executor.3
80000 252342 78505 0 3 0x4000080 fsleep syz-executor.3
80000 137255 78505 0 3 0x4000080 fsleep syz-executor.3
80000 354816 78505 0 2 0x4000000 syz-executor.3
78505 188274 74546 0 3 0x82 nanoslp syz-executor.3
77131 178108 74546 0 3 0x82 nanoslp syz-executor.7
95204 360848 74546 0 3 0x82 nanoslp syz-executor.6
81010 174481 74546 0 3 0x82 nanoslp syz-executor.0
72711 373491 0 0 3 0x14280 nfsidl nfsio
18115 186775 0 0 3 0x14280 nfsidl nfsio
98992 500899 0 0 3 0x14280 nfsidl nfsio
64183 332913 0 0 3 0x14280 nfsidl nfsio
38714 521479 0 0 3 0x14280 nfsidl nfsio
85740 270957 0 0 3 0x14280 nfsidl nfsio
62964 403244 0 0 3 0x14280 nfsidl nfsio
31819 250254 0 0 3 0x14280 nfsidl nfsio
96403 68608 0 0 3 0x14280 nfsidl nfsio
9110 380394 0 0 3 0x14280 nfsidl nfsio
41999 105279 0 0 3 0x14280 nfsidl nfsio
7528 132658 0 0 3 0x14280 nfsidl nfsio
42900 109184 0 0 3 0x14280 nfsidl nfsio
15894 388798 0 0 3 0x14280 nfsidl nfsio
11120 222222 0 0 3 0x14280 nfsidl nfsio
96002 521736 0 0 3 0x14280 nfsidl nfsio
18599 434841 0 0 3 0x14280 nfsidl nfsio
57337 69866 0 0 3 0x14280 nfsidl nfsio
50494 228006 0 0 3 0x14280 nfsidl nfsio
10197 426344 0 0 3 0x14280 nfsidl nfsio
17550 456919 74546 0 3 0x82 nanoslp syz-executor.1
68560 463124 74546 0 3 0x82 nanoslp syz-executor.4
52973 236310 74546 0 3 0x82 nanoslp syz-executor.5
90829 9125 74546 0 3 0x82 nanoslp syz-executor.2
22376 466762 0 0 3 0x14200 bored sosplice
93307 416483 27381 0 3 0x100082 netio arp
27381 498653 1 0 3 0x10008a sigsusp sh
74546 251940 12642 0 3 0x82 wait syz-fuzzer
74546 383283 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 355543 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 242055 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 55108 12642 0 3 0x4000082 wait syz-fuzzer
74546 4799 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 473902 12642 0 3 0x4000082 wait syz-fuzzer
74546 59728 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 71450 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 42467 12642 0 3 0x4000082 wait syz-fuzzer
74546 322811 12642 0 3 0x4000082 kqread syz-fuzzer
74546 168180 12642 0 3 0x4000082 wait syz-fuzzer
74546 304594 12642 0 3 0x4000082 wait syz-fuzzer
74546 255832 12642 0 3 0x4000082 thrsleep syz-fuzzer
74546 46192 12642 0 3 0x4000082 wait syz-fuzzer
74546 491007 12642 0 3 0x4000082 wait syz-fuzzer
12642 252752 89527 0 3 0x10008a sigsusp ksh
89527 310882 36520 0 3 0x9a kqread sshd
42701 377558 1 0 3 0x100083 ttyin getty
36520 266744 1 0 3 0x88 kqread sshd
26727 523845 38662 74 3 0x1100092 bpf pflogd
38662 289229 1 0 3 0x80 netio pflogd
95032 496976 26810 73 3 0x1100090 kqread syslogd
26810 17956 1 0 3 0x100082 netio syslogd
68172 51886 1 0 3 0x100080 kqread resolvd
27472 280944 0 0 3 0x14200 bored smr
93169 335191 0 0 2 0x14200 zerothread
74538 191411 0 0 3 0x14200 aiodoned aiodoned
53021 320270 0 0 3 0x14200 syncer update
83717 521920 0 0 3 0x14200 cleaner cleaner
58823 427937 0 0 3 0x14200 reaper reaper
61557 120284 0 0 3 0x14200 pgdaemon pagedaemon
93753 49551 0 0 3 0x14200 bored viomb
38500 307665 0 0 3 0x40014200 acpi0 acpi0
3004 259676 0 0 3 0x40014200 idle1
83103 170877 0 0 3 0x14200 bored softnet
6123 27172 0 0 3 0x14200 bored softnet
24313 300558 0 0 3 0x14200 bored softnet
61925 286468 0 0 3 0x14200 bored softnet
22775 493838 0 0 3 0x14200 bored systqmp
63777 383860 0 0 3 0x14200 bored systq
21376 477386 0 0 3 0x40014200 bored softclock
6029 336370 0 0 3 0x40014200 idle0
1 63131 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 26667 (syz-executor.7) thread 0xffff8000239627e8 (31650)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10219 6518K 6924K 78643K 47122 0
pcb 15 22K 26K 78643K 4036 0
rtable 203 16K 17K 78643K 10737 0
ifaddr 208 52K 52K 78643K 2967 0
sysctl 3 1K 1K 78643K 5 0
counters 64 36K 37K 78643K 2630 0
ioctlops 0 0K 4K 78643K 7609 0
iov 0 0K 28K 78643K 2254 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1748 109K 109K 78643K 24579 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 226 0
VM map 2 1K 1K 78643K 2 0
sem 16 10K 20K 78643K 676 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 20 73K 89K 78643K 37037 0
sigio 0 0K 0K 78643K 735 0
proc 66 67K 127K 78643K 2397 0
subproc 117 7K 10K 78643K 680 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 1153 0
in_multi 92 6K 6K 78643K 1792 0
ether_multi 1 0K 0K 78643K 82 0
mrt 1 0K 0K 78643K 51 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 79 360K 360K 78643K 79 0
exec 0 0K 1K 78643K 3686 0
pfkey data 0 0K 0K 78643K 3 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 574 582K 587K 78643K 258294 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 2 0K 0K 78643K 3076 0
NDP 17 0K 1K 78643K 569 0
temp 150 4699K 70235K 78643K 236654 0
kqueue 7 12K 30K 78643K 5880 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 1352 0 1350 14 13 1 3 0 8 0
rtentry 112 4644 0 4560 4 1 3 4 0 8 0
unpcb 144 35515 0 35503 221 215 6 10 0 8 5
syncache 296 41 0 41 14 14 0 1 0 8 0
tcpqe 32 129 0 129 5 5 0 1 0 8 0
tcpcb 776 49827 0 49821 485 477 8 24 0 8 7
arp 120 719 0 705 1 0 1 1 0 8 0
inpcb 368 92549 0 92508 789 782 7 23 0 8 3
nd6 48 177 0 157 1 0 1 1 0 8 0
pkpcb 40 36 0 35 10 9 1 1 0 8 0
kcovpl 48 47 0 38 1 0 1 1 0 8 0
mppekey 1024 7 0 7 3 3 0 1 0 8 0
ppxss 1256 900 0 900 19 18 1 1 0 8 1
pppxif 1448 804 0 804 17 16 1 1 0 8 1
pfstscr 40 78 0 77 1 0 1 1 0 8 0
pffrag 232 59 0 57 8 7 1 1 0 482 0
pffrnode 88 59 0 57 8 7 1 1 0 8 0
pffrent 40 236 0 234 9 8 1 1 0 8 0
pfosfp 40 1453 0 1028 5 0 5 5 0 8 0
pfosfpen 112 1453 0 737 21 0 21 21 0 8 0
pfanchor 1280 1899 188 1387 49 6 43 43 0 8 0
pfqueue 264 4 0 4 1 1 0 1 0 8 0
pfstitem 24 121 0 117 1 0 1 1 0 8 0
pfstkey 120 267 0 263 3 2 1 3 0 8 0
pfstate 384 189 0 186 11 10 1 9 0 8 0
pfrule 1344 21 0 20 2 1 1 2 0 8 0
rttmr 136 7 0 7 3 3 0 1 0 8 0
art_heap8 4096 147 0 146 28 26 2 15 0 8 1
art_heap4 256 7303 0 6905 68 42 26 31 0 8 0
art_table 32 7450 0 7051 5 0 5 5 0 8 0
art_node 16 3947 0 3875 1 0 1 1 0 8 0
sysvmsgpl 40 31 0 31 1 1 0 1 0 8 0
semupl 112 22 0 22 2 2 0 1 0 8 0
semapl 112 631 0 617 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 53982 0 52476 95 0 95 95 0 8 0
ffsino 272 53982 0 52476 102 0 102 102 0 8 0
nchpl 144 102925 0 101278 63 0 63 63 0 8 0
rtmask 32 10 0 10 4 4 0 1 0 8 0
uvmvnodes 80 6562 0 0 134 0 134 134 0 8 0
vnodes 216 6562 0 0 365 0 365 365 0 8 0
namei 1024 359620 0 359620 5 4 1 2 0 8 1
percpumem 16 1327 0 1283 1 0 1 1 0 8 0
vcpupl 2048 32 0 0 4 0 4 4 0 8 0
vmpool 568 43 0 11 3 0 3 3 0 8 0
kstatmem 264 896 0 862 6 3 3 3 0 8 0
scsiplug 72 6 0 6 2 2 0 1 0 8 0
scxspl 216 277880 0 277880 42 39 3 8 0 8 3
plimitpl 152 1684 0 1668 1 0 1 1 0 8 0
sigapl 424 37314 0 37246 12 4 8 9 0 8 0
futexpl 64 378348 0 378340 2 1 1 1 0 8 0
knotepl 120 1523 0 0 14 3 11 11 0 8 0
kqueuepl 216 12095 0 12089 69 65 4 9 0 8 3
pipepl 320 6602 0 6571 241 231 10 13 0 8 7
fdescpl 496 37249 0 37219 5 0 5 5 0 8 0
filepl 152 305676 0 305393 323 305 18 24 0 8 5
lockfpl 104 9027 0 9026 13 12 1 2 0 8 0
lockfspl 48 2808 0 2807 1 0 1 1 0 8 0
sessionpl 144 63 0 46 1 0 1 1 0 8 0
pgrppl 48 190 0 173 1 0 1 1 0 8 0
ucredpl 104 37798 0 37782 1 0 1 1 0 8 0
zombiepl 144 37246 0 37246 3 2 1 1 0 8 1
processpl 1072 37314 0 37246 6 1 5 5 0 8 0
procpl 672 109010 0 108911 20 11 9 10 0 8 0
srpgc 96 58 0 58 22 21 1 1 0 8 1
sosppl 168 2571 0 2571 13 12 1 1 0 8 1
sockpl 488 129508 0 129452 2114 2094 20 41 0 8 13
mcl64k 65536 41 0 0 4 1 3 3 0 8 0
mcl16k 16384 41 0 0 4 1 3 3 0 8 0
mcl12k 12288 50 0 0 2 0 2 2 0 8 0
mcl9k 9216 41 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 97 0 0 11 8 3 9 0 8 0
mcl2k2 2112 17 0 0 2 0 2 2 0 8 0
mcl2k 2048 712 0 0 45 24 21 45 0 8 0
mtagpl 96 817 0 0 9 2 7 9 0 8 0
mbufpl 256 2312 0 0 119 0 119 119 0 8 0
bufpl 288 50382 0 43819 470 0 470 470 0 8 0
anonpl 24 7136337 0 7117939 361 232 129 143 0 186 0
amapchunkpl 152 716791 0 715940 125 91 34 45 0 158 0
amappl16 200 58062 0 57489 282 249 33 43 0 8 1
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 266 0 251 2 1 1 2 0 8 0
amappl13 176 17 0 17 4 3 1 1 0 8 1
amappl12 168 895 0 889 1 0 1 1 0 8 0
amappl11 160 51 0 43 1 0 1 1 0 8 0
amappl10 152 80 0 65 1 0 1 1 0 8 0
amappl9 144 1079 0 1078 2 1 1 1 0 8 0
amappl8 136 1231 0 1019 8 0 8 8 0 8 0
amappl7 128 324 0 298 3 1 2 2 0 8 0
amappl6 120 556 0 530 1 0 1 1 0 8 0
amappl5 112 681 0 674 1 0 1 1 0 8 0
amappl4 104 1310 0 1270 3 1 2 3 0 8 0
amappl3 96 113971 0 113908 2 0 2 2 0 8 0
amappl2 88 38863 0 38790 4 2 2 3 0 8 0
amappl1 80 855543 0 854764 25 7 18 23 0 8 0
amappl 88 256986 0 256701 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 37292 0 37230 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 37292 0 37230 1 0 1 1 0 8 0
vmmpekpl 168 282949 0 282877 4 0 4 4 0 8 0
vmmpepl 168 3348728 0 3345552 436 287 149 175 0 357 0
vmsppl 368 37291 0 37230 6 0 6 6 0 8 0
rwobjpl 56 891112 0 882451 160 35 125 125 0 8 0
pdppl 4096 74591 0 74492 685 586 99 105 0 8 0
pvpl 32 13956300 0 13931709 728 509 219 275 0 265 0
pmappl 248 37291 0 37230 5 0 5 5 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2467 0 1498 29 0 29 29 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82949ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
__mp_lock(ffffffff82ae86d0) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82ae86d0) at __mp_lock+0x133 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x1f
end of kernel
end trace frame: 0x7f7fffffb5d0, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff82949ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
__mp_lock(ffffffff82ae86d0) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82ae86d0) at __mp_lock+0x133 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x1f
end of kernel
end trace frame: 0x7f7fffffb5d0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825abdbc) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff82622021,ffffffff82615ff1,38e,ffffffff825c145e) at __assert+0x25 sys/kern/subr_prf.c:157
nd6_rtrequest(ffff800000c34800,b,fffffd806ee55540) at nd6_rtrequest+0x8bc sys/netinet6/nd6.c:910
rtrequest(b,ffff80002ff84bd8,3,ffff80002ff84c78,0) at rtrequest+0xa2a sys/net/route.c:969
rt_clone(ffff80002ff84ce8,fffffd805ac6aac8,0) at rt_clone+0x78 sys/net/route.c:257
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc rt_match sys/net/route.c:235 [inline]
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc sys/net/route.c:350
in6_selectroute(ffff80002ff84e20,ffff800000bed400,fffffd805ac6aab8,0) at in6_selectroute+0x12d sys/netinet6/in6_src.c:344
ip6_output(fffffd8058a8b700,ffff800000bed400,fffffd805ac6aab8,0,0,fffffd805ac6aa40) at ip6_output+0xcc5 sys/netinet6/ip6_output.c:472
rip6_output(fffffd8058a8b700,fffffd805ac40da0,ffff80002ff85068,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:516
rip6_send(fffffd805ac40da0,fffffd8058a8b700,0,0) at rip6_send+0x11b sys/netinet6/raw_ip6.c:770
sosend(fffffd805ac40da0,0,ffff80002ff85278,0,0,0) at sosend+0x69e
dofilewritev(ffff8000239627e8,4,ffff80002ff85278,0,ffff80002ff85360) at dofilewritev+0x19c sys/kern/sys_generic.c:375
sys_write(ffff8000239627e8,ffff80002ff85318,ffff80002ff85360) at sys_write+0x83 sys/kern/sys_generic.c:295
end trace frame: 0xffff80002ff853d0, count: 0
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825abdbc) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff82622021,ffffffff82615ff1,38e,ffffffff825c145e) at __assert+0x25 sys/kern/subr_prf.c:157
nd6_rtrequest(ffff800000c34800,b,fffffd806ee55540) at nd6_rtrequest+0x8bc sys/netinet6/nd6.c:910
rtrequest(b,ffff80002ff84bd8,3,ffff80002ff84c78,0) at rtrequest+0xa2a sys/net/route.c:969
rt_clone(ffff80002ff84ce8,fffffd805ac6aac8,0) at rt_clone+0x78 sys/net/route.c:257
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc rt_match sys/net/route.c:235 [inline]
rtalloc_mpath(fffffd805ac6aac8,0,0) at rtalloc_mpath+0xbc sys/net/route.c:350
in6_selectroute(ffff80002ff84e20,ffff800000bed400,fffffd805ac6aab8,0) at in6_selectroute+0x12d sys/netinet6/in6_src.c:344
ip6_output(fffffd8058a8b700,ffff800000bed400,fffffd805ac6aab8,0,0,fffffd805ac6aa40) at ip6_output+0xcc5 sys/netinet6/ip6_output.c:472
rip6_output(fffffd8058a8b700,fffffd805ac40da0,ffff80002ff85068,0) at rip6_output+0x4ad sys/netinet6/raw_ip6.c:516
rip6_send(fffffd805ac40da0,fffffd8058a8b700,0,0) at rip6_send+0x11b sys/netinet6/raw_ip6.c:770
sosend(fffffd805ac40da0,0,ffff80002ff85278,0,0,0) at sosend+0x69e
dofilewritev(ffff8000239627e8,4,ffff80002ff85278,0,ffff80002ff85360) at dofilewritev+0x19c sys/kern/sys_generic.c:375
sys_write(ffff8000239627e8,ffff80002ff85318,ffff80002ff85360) at sys_write+0x83 sys/kern/sys_generic.c:295
syscall(ffff80002ff853e0) at syscall+0x4c2 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff80002ff853e0) at syscall+0x4c2 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf969284f7b0, count: -16


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 14, 2023, 9:21:39 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.