panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *314440 37534 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a68ce18,0,fffffd807e0398f8,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd80649f5a00,0,fffffd807e0398f8,0,0,fffffd807e039998) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000daf000) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8078f54640,fffffd80649f5b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64c2c0,ffff80002a68d2c0,ffff80002a68d210) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a68d2c0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8d30e85ae0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a68ce18,0,fffffd807e0398f8,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd80649f5a00,0,fffffd807e0398f8,0,0,fffffd807e039998) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000daf000) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8078f54640,fffffd80649f5b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64c2c0,ffff80002a68d2c0,ffff80002a68d210) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a68d2c0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8d30e85ae0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a68cc70 rbx 0x2 rdx 0xffff800000de3980 rcx 0 rax 0xffff80002a64c2c0 r8 0 r9 0x8080808080808080 r10 0xf2d057933972f9f9 r11 0x68ba5715de0f06c2 r12 0 r13 0xffff80002a68ce18 r14 0 r15 0x1 rip 0xffffffff81c11dcc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a68cc60 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=314440 pid=37534 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a608ab8,0xffff80002a64dab8 process=0xffff8000ffff5500 user=0xffff80002a688000, vmspace=0xfffffd807275d848 estcpu=36, cpticks=21, pctcpu=0.0, user=0, sys=21, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 54435 101897 32335 0 2 0 syz-executor.5 21560 446938 28187 0 2 0 syz-executor.1 21560 142450 28187 0 2 0x4000000 syz-executor.1 79503 470605 52518 0 2 0 syz-executor.0 79503 34911 52518 0 3 0x4000080 fsleep syz-executor.0 35891 249457 57700 0 2 0x480 syz-executor.4 35891 132619 57700 0 3 0x4000080 fsleep syz-executor.4 35891 227952 57700 0 3 0x4000080 fsleep syz-executor.4 8393 34876 16994 0 2 0 syz-executor.6 8393 167342 16994 0 2 0x4000000 syz-executor.6 8393 489529 16994 0 2 0x4000000 syz-executor.6 37534 307324 94597 0 2 0 syz-executor.3 *37534 314440 94597 0 7 0x4000000 syz-executor.3 93784 155064 86819 0 2 0x480 syz-executor.2 93784 511571 86819 0 3 0x4000080 fifow syz-executor.2 93784 402986 86819 0 3 0x4000080 fifow syz-executor.2 93784 511643 86819 0 3 0x4000080 fsleep syz-executor.2 16492 483397 51546 0 3 0x82 piperd syz-executor.7 28187 477885 51546 0 2 0x482 syz-executor.1 94597 34973 51546 0 2 0x482 syz-executor.3 52518 277242 51546 0 2 0x482 syz-executor.0 32335 68391 51546 0 2 0x482 syz-executor.5 57700 366277 51546 0 2 0x482 syz-executor.4 86819 328921 51546 0 2 0x482 syz-executor.2 16994 139917 51546 0 2 0x482 syz-executor.6 92078 111807 0 0 3 0x14280 nfsidl nfsio 50981 385324 0 0 3 0x14280 nfsidl nfsio 21486 339027 0 0 3 0x14280 nfsidl nfsio 98986 193057 0 0 3 0x14280 nfsidl nfsio 87220 85632 0 0 3 0x14280 nfsidl nfsio 91540 124676 0 0 3 0x14280 nfsidl nfsio 19678 285971 0 0 3 0x14280 nfsidl nfsio 93509 86158 0 0 3 0x14280 nfsidl nfsio 20361 274504 0 0 3 0x14280 nfsidl nfsio 96912 13679 0 0 3 0x14280 nfsidl nfsio 40463 63934 0 0 3 0x14280 nfsidl nfsio 70099 178237 0 0 3 0x14280 nfsidl nfsio 6952 280425 0 0 3 0x14280 nfsidl nfsio 17545 478537 0 0 3 0x14280 nfsidl nfsio 18760 438340 0 0 3 0x14280 nfsidl nfsio 96693 324465 0 0 3 0x14280 nfsidl nfsio 82368 65866 0 0 3 0x14280 nfsidl nfsio 74208 103117 0 0 3 0x14280 nfsidl nfsio 93616 333093 0 0 3 0x14280 nfsidl nfsio 35328 35112 0 0 3 0x14280 nfsidl nfsio 81347 519952 1 0 3 0x100083 ttyin getty 7487 465707 0 0 3 0x14200 bored sosplice 51546 33295 55211 0 3 0x2000082 thrsleep syz-fuzzer 51546 346348 55211 0 2 0x6000482 syz-fuzzer 51546 231686 55211 0 3 0x6000082 thrsleep syz-fuzzer 51546 37379 55211 0 2 0x6000002 syz-fuzzer 51546 192612 55211 0 3 0x6000082 wait syz-fuzzer 51546 498232 55211 0 3 0x6000082 wait syz-fuzzer 51546 126009 55211 0 3 0x6000082 thrsleep syz-fuzzer 51546 511388 55211 0 3 0x6000082 wait syz-fuzzer 51546 471161 55211 0 3 0x6000082 wait syz-fuzzer 51546 337581 55211 0 3 0x6000082 thrsleep syz-fuzzer 51546 463678 55211 0 3 0x6000082 wait syz-fuzzer 51546 67540 55211 0 3 0x6000082 wait syz-fuzzer 51546 503417 55211 0 3 0x6000082 wait syz-fuzzer 51546 153601 55211 0 3 0x6000082 wait syz-fuzzer 55211 429445 99876 0 3 0x10008a sigsusp ksh 99876 220654 17815 0 3 0x9a kqread sshd 17815 471464 1 0 3 0x88 kqread sshd 59994 400720 17524 73 3 0x1100090 kqread syslogd 17524 469434 1 0 3 0x100082 netio syslogd 79611 215456 1 0 3 0x100080 kqread resolvd 39831 177717 61884 77 3 0x100092 kqread dhcpleased 504 477845 61884 77 2 0x100492 dhcpleased 61884 506323 1 0 3 0x80 kqread dhcpleased 64763 257923 0 0 3 0x14200 bored smr 60525 378364 0 0 2 0x14200 zerothread 32442 256854 0 0 3 0x14200 aiodoned aiodoned 76672 444107 0 0 3 0x14200 syncer update 79948 498013 0 0 3 0x14200 cleaner cleaner 58007 37688 0 0 3 0x14200 reaper reaper 11909 384166 0 0 3 0x14200 pgdaemon pagedaemon 56696 279718 0 0 3 0x14200 bored viomb 32048 198213 0 0 3 0x40014200 acpi0 acpi0 24233 468790 0 0 3 0x14200 bored softnet3 37796 209377 0 0 3 0x14200 bored softnet2 20435 395387 0 0 3 0x14200 bored softnet1 66698 314129 0 0 3 0x14200 bored softnet0 27106 518041 0 0 3 0x14200 bored systqmp 28241 222566 0 0 3 0x14200 bored systq 155 58608 0 0 2 0x40014200 softclock 73021 482330 0 0 3 0x40014200 idle0 1 45502 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10223 6434K 7123K 166960K 30193 0 pcb 15 20K 22K 166960K 804 0 rtable 215 15K 16K 166960K 2040 0 pf 33 9K 10K 166960K 367 0 ifaddr 41 12K 13K 166960K 333 0 ifgroup 58 2K 2K 166960K 546 0 sysctl 2 0K 0K 166960K 4 0 counters 32 17K 17K 166960K 181 0 ioctlops 0 0K 2K 166960K 645 0 iov 0 0K 32K 166960K 1098 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1598 100K 100K 166960K 7610 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 119 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 21 0 dirhash 12 2K 2K 166960K 63 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 77K 166960K 9159 0 sigio 0 0K 0K 166960K 530 0 proc 59 59K 91K 166960K 2014 0 subproc 104 6K 6K 166960K 712 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 342 0 in_multi 89 6K 7K 166960K 616 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 2311 0 pfkey data 0 0K 0K 166960K 14 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 411 463K 480K 166960K 84722 0 UVM aobj 131 4K 4K 166960K 133 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 192 0 NDP 13 0K 1K 166960K 265 0 temp 74 6704K 7044K 166960K 81523 0 kqueue 12 18K 30K 166960K 754 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 776 0 773 11 8 3 3 0 8 2 rtentry 112 625 0 529 5 1 4 4 0 8 0 unpcb 144 8501 0 8482 87 80 7 10 0 8 6 syncache 320 61 0 61 14 14 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 211 0 211 11 11 0 1 0 8 0 tcpcb 808 2721 0 2714 93 92 1 15 0 8 0 arp 88 111 0 97 1 0 1 1 0 8 0 ipq 40 10 0 10 4 4 0 1 0 8 0 ipqe 40 33 0 33 4 4 0 1 0 8 0 inpcb 344 6338 0 6327 119 117 2 20 0 8 0 nd6 104 161 0 141 1 0 1 1 0 8 0 pkpcb 40 38 0 38 7 6 1 1 0 8 1 kcovpl 48 54 0 46 1 0 1 1 0 8 0 ppxss 1072 72 0 72 13 12 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2593 0 2157 70 41 29 31 0 8 1 art_table 32 2594 0 2157 5 1 4 5 0 8 0 art_node 16 612 0 524 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 13 1 0 1 1 0 8 0 semupl 112 6 0 6 3 3 0 1 0 8 0 semapl 112 12 0 2 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 51 0 34 3 0 3 3 0 8 0 dino2pl 256 13988 0 12494 94 0 94 94 0 8 0 ffsino 240 13988 0 12494 89 0 89 89 0 8 0 nchpl 144 26346 0 24696 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 92800 0 92800 8 7 1 2 0 8 1 vcpupl 2048 102 0 1 13 0 13 13 0 8 0 vmpool 664 110 0 9 9 0 9 9 0 8 0 kstatmem 264 324 0 298 2 0 2 2 0 8 0 scxspl 216 81548 0 81548 22 21 1 8 1 8 1 plimitpl 152 1172 0 1157 1 0 1 1 0 8 0 sigapl 424 9546 0 9481 10 2 8 8 0 8 0 futexpl 64 82105 0 82101 5 4 1 1 0 8 0 knotepl 120 88656 0 88572 35 31 4 11 0 8 0 kqueuepl 184 2222 0 2214 37 36 1 7 0 8 0 pipepl 288 1823 0 1795 52 47 5 7 0 8 2 fdescpl 432 9327 0 9299 4 0 4 4 0 8 0 filepl 120 59177 0 58902 96 83 13 20 0 8 2 lockfpl 104 3035 0 3033 7 6 1 3 0 8 0 lockfspl 48 989 0 987 1 0 1 1 0 8 0 sessionpl 144 66 0 50 1 0 1 1 0 8 0 pgrppl 48 286 0 270 1 0 1 1 0 8 0 ucredpl 104 8292 0 8281 1 0 1 1 0 8 0 zombiepl 144 9481 0 9481 3 2 1 1 0 8 1 processpl 1072 9546 0 9481 6 1 5 5 0 8 0 procpl 680 22616 0 22528 25 17 8 10 0 8 0 sosppl 168 77 0 77 10 9 1 1 0 8 1 sockpl 456 15659 0 15626 380 369 11 38 0 8 6 mcl64k 65536 374 0 374 19 18 1 1 0 8 1 mcl16k 16384 215 0 215 16 15 1 1 0 8 1 mcl12k 12288 378 0 378 15 14 1 1 0 8 1 mcl9k 9216 166 0 166 18 17 1 1 0 8 1 mcl8k 8192 775 0 775 17 16 1 1 0 8 1 mcl4k 4096 1011 0 1011 14 13 1 1 0 8 1 mcl2k2 2112 48 0 48 13 12 1 1 0 8 1 mcl2k 2048 87513 0 87462 71 62 9 28 0 8 1 mtagpl 96 1575 0 1285 27 18 9 14 0 8 1 mbufpl 256 226086 0 225621 464 420 44 113 0 8 8 bufpl 288 18564 0 12171 457 0 457 457 0 8 0 anonpl 24 1016768 0 1002267 238 138 100 156 0 188 0 amapchunkpl 152 275122 0 274252 145 103 42 77 0 158 2 amappl16 200 20180 0 19731 95 69 26 38 0 8 0 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 290 0 276 2 1 1 2 0 8 0 amappl13 176 90 0 89 1 0 1 1 0 8 0 amappl12 168 10579 0 10549 2 0 2 2 0 8 0 amappl11 160 59 0 49 1 0 1 1 0 8 0 amappl10 152 71 0 61 1 0 1 1 0 8 0 amappl9 144 225 0 224 1 0 1 1 0 8 0 amappl8 136 476 0 392 3 0 3 3 0 8 0 amappl7 128 294 0 270 2 0 2 2 0 8 0 amappl6 120 962 0 948 1 0 1 1 0 8 0 amappl5 112 262 0 254 1 0 1 1 0 8 0 amappl4 104 745 0 722 2 1 1 2 0 8 0 amappl3 96 52891 0 52801 4 1 3 3 0 8 0 amappl2 88 10290 0 10212 3 1 2 3 0 8 0 amappl1 80 44205 0 43688 27 15 12 22 0 8 0 amappl 88 83705 0 83452 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 9437 0 9308 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9437 0 9308 1 0 1 1 0 8 0 vmmpekpl 168 72118 0 72049 4 0 4 4 0 8 0 vmmpepl 168 579171 0 576758 277 157 120 142 0 357 0 vmsppl 352 9436 0 9308 12 0 12 12 0 8 0 rwobjpl 24 139096 0 131520 51 3 48 48 0 8 0 pdppl 4096 18880 0 18717 565 400 165 165 0 8 2 pvpl 32 2716904 0 2696374 568 395 173 332 0 265 0 pmappl 216 9436 0 9308 8 0 8 8 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2074 0 1150 29 0 29 29 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a68ce18,0,fffffd807e0398f8,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd80649f5a00,0,fffffd807e0398f8,0,0,fffffd807e039998) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000daf000) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8078f54640,fffffd80649f5b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64c2c0,ffff80002a68d2c0,ffff80002a68d210) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a68d2c0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8d30e85ae0, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a68ce18,0,fffffd807e0398f8,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd80649f5a00,0,fffffd807e0398f8,0,0,fffffd807e039998) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000daf000) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8078f54640,fffffd80649f5b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64c2c0,ffff80002a68d2c0,ffff80002a68d210) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a68d2c0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8d30e85ae0, count: -10