panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *450797 26354 0 0 0x4000000 0 syz-executor.6 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800035da2dc8,0,fffffd80761a20a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8067011200,0,fffffd80761a20a0,0,0,fffffd80761a2140) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000db0618) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8064f948f0,fffffd8067011700) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a679558,ffff800035da3270,ffff800035da31c0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800035da3270) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x794738eb30, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800035da2dc8,0,fffffd80761a20a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8067011200,0,fffffd80761a20a0,0,0,fffffd80761a2140) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000db0618) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8064f948f0,fffffd8067011700) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a679558,ffff800035da3270,ffff800035da31c0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800035da3270) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x794738eb30, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800035da2c20 rbx 0x2 rdx 0xffff80000104f280 rcx 0 rax 0xffff80002a679558 r8 0 r9 0x8080808080808080 r10 0xdcd09bfff182c8c3 r11 0x4798ee724a65fbf1 r12 0 r13 0xffff800035da2dc8 r14 0 r15 0x1 rip 0xffffffff813c0b6c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800035da2c10 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.6) tid=450797 pid=26354 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a678568,0xffff80002a6e3818 process=0xffff800035de1938 user=0xffff800035d9e000, vmspace=0xfffffd807121f1c8 estcpu=36, cpticks=20, pctcpu=0.0, user=0, sys=20, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89117 345596 23836 0 2 0 syz-executor.4 89117 172447 23836 0 3 0x4000080 fsleep syz-executor.4 66693 512193 95155 0 2 0 syz-executor.5 66693 471156 95155 0 3 0x4000080 fsleep syz-executor.5 26354 166068 88296 0 2 0 syz-executor.6 *26354 450797 88296 0 7 0x4000000 syz-executor.6 97781 489628 53085 0 2 0 syz-executor.3 97781 367898 53085 0 3 0x4000080 lockf syz-executor.3 69480 244683 90713 0 2 0x482 syz-executor.7 68635 468590 90713 0 2 0x482 syz-executor.0 53085 342333 90713 0 2 0x482 syz-executor.3 95155 115176 90713 0 2 0x482 syz-executor.5 88296 220686 90713 0 2 0x482 syz-executor.6 53848 255419 90713 0 2 0x2 syz-executor.1 96640 299907 1 0 3 0x100083 ttyin getty 23836 44104 90713 0 2 0x482 syz-executor.4 30142 130646 90713 0 2 0x482 syz-executor.2 74805 286073 1 0 3 0x80 fsleep syz-executor.0 74805 62958 1 0 3 0x4000080 netcon syz-executor.0 74805 35284 1 0 3 0x4000080 fsleep syz-executor.0 95051 161834 1 0 3 0x80 fsleep syz-executor.6 95051 432594 1 0 3 0x4000080 fifor syz-executor.6 95051 131320 1 0 3 0x4000080 fsleep syz-executor.6 95051 265190 1 0 3 0x4000080 fsleep syz-executor.6 88991 300242 1 0 3 0x80 fsleep syz-executor.5 88991 343213 1 0 3 0x4000080 netcon syz-executor.5 17136 111557 0 0 3 0x14200 bored sosplice 90713 508392 121 0 3 0x2000082 wait syz-fuzzer 90713 381372 121 0 2 0x6000482 syz-fuzzer 90713 29353 121 0 3 0x6000082 wait syz-fuzzer 90713 213743 121 0 3 0x6000082 thrsleep syz-fuzzer 90713 306420 121 0 3 0x6000082 thrsleep syz-fuzzer 90713 89025 121 0 3 0x6000082 wait syz-fuzzer 90713 294247 121 0 3 0x6000082 wait syz-fuzzer 90713 287785 121 0 3 0x6000082 thrsleep syz-fuzzer 90713 19516 121 0 3 0x6000082 thrsleep syz-fuzzer 90713 23712 121 0 3 0x6000082 thrsleep syz-fuzzer 90713 120309 121 0 3 0x6000082 wait syz-fuzzer 90713 220094 121 0 3 0x6000082 wait syz-fuzzer 90713 10912 121 0 3 0x6000082 kqread syz-fuzzer 90713 35977 121 0 3 0x6000082 wait syz-fuzzer 90713 34637 121 0 3 0x6000082 wait syz-fuzzer 121 51461 76910 0 3 0x10008a sigsusp ksh 76910 379107 71976 0 3 0x9a kqread sshd 71976 30471 1 0 3 0x88 kqread sshd 23564 480671 55287 73 3 0x1100090 kqread syslogd 55287 42676 1 0 3 0x100082 netio syslogd 21275 515008 1 0 3 0x100080 kqread resolvd 55147 309493 5430 77 3 0x100092 kqread dhcpleased 96964 446742 5430 77 3 0x100092 kqread dhcpleased 5430 357222 1 0 3 0x80 kqread dhcpleased 29750 487400 0 0 2 0x14200 smr 82703 200305 0 0 2 0x14200 zerothread 84935 497852 0 0 3 0x14200 aiodoned aiodoned 68708 205251 0 0 3 0x14200 syncer update 58100 405528 0 0 3 0x14200 cleaner cleaner 63310 371242 0 0 3 0x14200 reaper reaper 96355 194997 0 0 3 0x14200 pgdaemon pagedaemon 37277 268364 0 0 3 0x14200 bored viomb 42088 413333 0 0 3 0x40014200 acpi0 acpi0 10757 9298 0 0 3 0x14200 bored softnet3 95035 260820 0 0 3 0x14200 bored softnet2 26645 144450 0 0 3 0x14200 bored softnet1 91831 365208 0 0 3 0x14200 bored softnet0 53758 434924 0 0 3 0x14200 bored systqmp 11007 516549 0 0 3 0x14200 bored systq 88518 350863 0 0 2 0x40014200 softclock 93341 357090 0 0 3 0x40014200 idle0 1 499644 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10237 6636K 7690K 166960K 56057 0 pcb 15 20K 22K 166960K 2213 0 rtable 215 15K 16K 166960K 5672 0 pf 38 10K 10K 166960K 793 0 ifaddr 42 14K 15K 166960K 675 0 ifgroup 67 2K 2K 166960K 1224 0 sysctl 4 1K 1K 166960K 14 0 counters 34 18K 18K 166960K 363 0 ioctlops 0 0K 2K 166960K 978 0 iov 0 0K 32K 166960K 2615 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1793 112K 112K 166960K 17332 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 333 0 VM map 2 1K 1K 166960K 2 0 sem 11 1K 1K 166960K 15 0 dirhash 12 2K 2K 166960K 138 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 85K 166960K 23929 0 sigio 0 0K 0K 166960K 716 0 proc 58 59K 75K 166960K 3836 0 subproc 143 8K 8K 166960K 1330 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1997 0 in_multi 83 6K 7K 166960K 1367 0 ether_multi 1 0K 0K 166960K 18 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 5038 0 pfkey data 0 0K 4K 166960K 42 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 675 1151K 1152K 166960K 223388 0 UVM aobj 131 6K 6K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 591 0 NDP 15 0K 2K 166960K 554 0 temp 87 6704K 7084K 166960K 213844 0 kqueue 13 20K 26K 166960K 1878 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1675 0 1672 22 21 1 5 0 8 0 rtentry 112 1963 0 1869 8 5 3 4 0 8 0 unpcb 144 18685 0 18666 214 213 1 10 0 8 0 syncache 320 499 0 499 55 54 1 1 0 8 1 tcpqe 32 428 0 428 41 40 1 1 0 8 1 tcpcb 808 10314 0 10278 290 283 7 18 0 8 3 arp 88 446 0 432 1 0 1 1 0 8 0 ipq 40 26 0 24 9 8 1 1 0 8 0 ipqe 40 118 0 113 9 8 1 1 0 8 0 inpcb 344 23743 0 23703 390 378 12 20 0 8 8 nd6 104 325 0 304 1 0 1 1 0 8 0 pkpcb 40 283 0 283 26 26 0 1 0 8 0 kcovpl 48 102 0 91 1 0 1 1 0 8 0 ppxss 1072 128 0 128 31 31 0 1 0 8 0 art_heap8 4096 5 0 4 3 2 1 3 0 8 0 art_heap4 256 6372 0 5939 86 58 28 29 0 8 0 art_table 32 6377 0 5943 6 2 4 4 0 8 0 art_node 16 1898 0 1812 1 0 1 1 0 8 0 sysvmsgpl 40 53 0 13 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 101 0 84 3 0 3 3 0 8 0 dino2pl 256 33144 0 31573 99 0 99 99 0 8 0 ffsino 240 33144 0 31573 93 0 93 93 0 8 0 nchpl 144 65059 0 63415 63 0 63 63 0 8 0 uvmvnodes 80 7204 0 0 148 0 148 148 0 8 0 vnodes 216 7204 0 0 401 0 401 401 0 8 0 namei 1024 228443 0 228442 15 14 1 3 0 8 0 vcpupl 2048 288 0 1 36 0 36 36 0 8 0 vmpool 664 317 0 30 26 2 24 24 0 8 0 kstatmem 264 688 0 658 4 1 3 3 0 8 0 scxspl 216 210862 0 210862 84 83 1 8 1 8 1 plimitpl 152 3062 0 3043 1 0 1 1 0 8 0 sigapl 424 25594 0 25546 10 2 8 8 0 8 0 futexpl 64 219465 0 219457 2 1 1 1 0 8 0 knotepl 120 233804 0 233719 70 66 4 16 0 8 0 kqueuepl 184 4720 0 4711 63 62 1 7 0 8 0 pipepl 288 4562 0 4530 112 109 3 12 0 8 0 fdescpl 432 24016 0 23987 4 0 4 4 0 8 0 filepl 120 155126 0 154822 244 231 13 20 0 8 2 lockfpl 104 7540 0 7535 14 13 1 2 0 8 0 lockfspl 48 2884 0 2880 1 0 1 1 0 8 0 sessionpl 144 121 0 102 1 0 1 1 0 8 0 pgrppl 48 1223 0 1204 1 0 1 1 0 8 0 ucredpl 104 20261 0 20244 1 0 1 1 0 8 0 zombiepl 144 25549 0 25546 5 4 1 1 0 8 0 processpl 1072 25594 0 25546 5 0 5 5 0 8 0 procpl 680 63247 0 63175 31 22 9 10 0 8 0 sosppl 168 275 0 275 26 26 0 1 0 8 0 sockpl 456 44490 0 44427 948 931 17 38 0 8 8 mcl64k 65536 1019 0 1019 61 60 1 1 0 8 1 mcl16k 16384 526 0 526 61 61 0 1 0 8 0 mcl12k 12288 870 0 870 67 66 1 1 0 8 1 mcl9k 9216 636 0 636 68 67 1 1 0 8 1 mcl8k 8192 1594 0 1594 43 42 1 3 0 8 1 mcl4k 4096 2894 0 2894 42 41 1 4 0 8 1 mcl2k2 2112 186 0 186 70 69 1 1 0 8 1 mcl2k 2048 121178 0 121120 110 100 10 44 0 8 1 mtagpl 96 3603 0 3394 36 30 6 14 0 8 0 mbufpl 256 507729 0 507362 951 926 25 130 0 8 0 bufpl 288 50689 0 43482 516 0 516 516 0 8 0 anonpl 24 2366756 0 2352588 265 156 109 120 0 188 0 amapchunkpl 152 714503 0 713534 226 185 41 52 0 158 0 amappl16 200 49438 0 48866 322 290 32 44 0 8 0 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 456 0 443 2 1 1 2 0 8 0 amappl13 176 142 0 141 1 0 1 1 0 8 0 amappl12 168 25965 0 25933 2 0 2 2 0 8 0 amappl11 160 51 0 40 1 0 1 1 0 8 0 amappl10 152 148 0 136 2 1 1 1 0 8 0 amappl9 144 315 0 315 38 38 0 1 0 8 0 amappl8 136 1011 0 892 6 1 5 5 0 8 0 amappl7 128 442 0 417 2 0 2 2 0 8 0 amappl6 120 1692 0 1679 1 0 1 1 0 8 0 amappl5 112 640 0 632 1 0 1 1 0 8 0 amappl4 104 1332 0 1305 2 1 1 2 0 8 0 amappl3 96 138538 0 138424 21 17 4 4 0 8 0 amappl2 88 25808 0 25734 3 1 2 3 0 8 0 amappl1 80 100429 0 99907 32 20 12 22 0 8 0 amappl 88 221533 0 221193 11 2 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 24333 0 24017 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 24333 0 24017 2 0 2 2 0 8 0 vmmpekpl 168 176277 0 176182 5 0 5 5 0 8 0 vmmpepl 168 1439129 0 1436308 689 530 159 165 0 357 12 vmsppl 352 24332 0 24017 30 1 29 30 0 8 0 rwobjpl 24 337815 0 328669 58 1 57 57 0 8 0 pdppl 4096 48672 0 48321 1660 1303 357 359 0 8 6 pvpl 32 6504912 0 6484991 694 502 192 361 0 265 0 pmappl 216 24332 0 24017 19 1 18 18 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4215 0 3023 35 0 35 35 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800035da2dc8,0,fffffd80761a20a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8067011200,0,fffffd80761a20a0,0,0,fffffd80761a2140) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000db0618) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8064f948f0,fffffd8067011700) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a679558,ffff800035da3270,ffff800035da31c0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800035da3270) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x794738eb30, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800035da2dc8,0,fffffd80761a20a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8067011200,0,fffffd80761a20a0,0,0,fffffd80761a2140) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000db0618) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8064f948f0,fffffd8067011700) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a679558,ffff800035da3270,ffff800035da31c0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800035da3270) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x794738eb30, count: -10