panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*507631 32697 0 0 0x4000000 0 syz-executor.2
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157
in6_selectroute(ffff80003437d548,0,fffffd80725d4098,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328
ip6_output(fffffd805cec9300,0,fffffd80725d4098,0,0,fffffd80725d4138) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467
tcp_output(ffff800000df92f8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110
tcp_connect(fffffd807e4e72f8,fffffd805cec9b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670
sys_connect(ffff80002f4f8010,ffff80003437d9f0,ffff80003437d940) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422
syscall(ffff80003437d9f0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a22ea24650, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003437d548,0,fffffd80725d4098,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd805cec9300,0,fffffd80725d4098,0,0,fffffd80725d4138) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000df92f8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd807e4e72f8,fffffd805cec9b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002f4f8010,ffff80003437d9f0,ffff80003437d940) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80003437d9f0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a22ea24650, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003437d3a0 rbx 0x2 rdx 0xffff800000dbd740 rcx 0 rax 0xffff80002f4f8010 r8 0 r9 0x8080808080808080 r10 0x5b0c6275b6012c6b r11 0xc38361a11fe508f3 r12 0 r13 0xffff80003437d548 r14 0 r15 0x1 rip 0xffffffff81c11dcc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80003437d390 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) tid=507631 pid=32697 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=85, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002f4f9550,0xffff80002f4f9d58 process=0xffff8000ffff6e20 user=0xffff800034378000, vmspace=0xfffffd80779705f0 estcpu=35, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19154 349510 37127 0 2 0x480 syz-executor.6 19154 324881 37127 0 3 
0x4000080 fsleep syz-executor.6 49376 432372 98357 0 2 0 syz-executor.0 49376 231641 98357 0 2 0x4000000 syz-executor.0 49376 88816 98357 0 3 0x4000000 inode syz-executor.0 49376 513133 98357 0 3 0x4000080 fsleep syz-executor.0 32697 352315 89975 0 2 0 syz-executor.2 *32697 507631 89975 0 7 0x4000000 syz-executor.2 9811 517455 76787 0 2 0x480 syz-executor.5 9811 110279 76787 0 3 0x4000080 kqpoll syz-executor.5 9811 471029 76787 0 3 0x4000080 fsleep syz-executor.5 73777 365448 0 0 3 0x14280 nfsidl nfsio 68328 344257 0 0 3 0x14280 nfsidl nfsio 98789 75765 0 0 3 0x14280 nfsidl nfsio 7212 479274 0 0 3 0x14280 nfsidl nfsio 86166 20030 0 0 3 0x14280 nfsidl nfsio 48305 330049 0 0 3 0x14280 nfsidl nfsio 21799 161276 0 0 3 0x14280 nfsidl nfsio 50978 248634 0 0 3 0x14280 nfsidl nfsio 89260 469576 0 0 3 0x14280 nfsidl nfsio 56526 432176 0 0 3 0x14280 nfsidl nfsio 90834 248892 0 0 3 0x14280 nfsidl nfsio 43224 84830 0 0 3 0x14280 nfsidl nfsio 38535 364474 0 0 3 0x14280 nfsidl nfsio 94953 496960 0 0 3 0x14280 nfsidl nfsio 63950 522373 0 0 3 0x14280 nfsidl nfsio 72715 366907 0 0 3 0x14280 nfsidl nfsio 58376 157274 0 0 3 0x14280 nfsidl nfsio 35259 203509 0 0 3 0x14280 nfsidl nfsio 14919 128912 0 0 3 0x14280 nfsidl nfsio 5237 349229 0 0 3 0x14280 nfsidl nfsio 76787 374489 11368 0 2 0x482 syz-executor.5 6304 227875 11368 0 2 0x482 syz-executor.7 38671 187811 1 0 3 0x100083 ttyin getty 35295 292209 11368 0 2 0x482 syz-executor.4 222 245399 11368 0 2 0x482 syz-executor.1 37127 509713 11368 0 2 0x482 syz-executor.6 98357 366551 11368 0 2 0x482 syz-executor.0 66664 19626 11368 0 2 0x482 syz-executor.3 89975 512932 11368 0 2 0x482 syz-executor.2 99326 42133 0 0 3 0x14200 bored sosplice 11368 84128 30411 0 3 0x2000082 kqread syz-fuzzer 11368 55973 30411 0 3 0x6000082 thrsleep syz-fuzzer 11368 368640 30411 0 3 0x6000082 thrsleep syz-fuzzer 11368 285060 30411 0 3 0x6000082 wait syz-fuzzer 11368 306603 30411 0 3 0x6000082 wait syz-fuzzer 11368 34272 30411 0 3 0x6000082 wait syz-fuzzer 11368 
155633 30411 0 3 0x6000082 wait syz-fuzzer 11368 124619 30411 0 3 0x6000082 thrsleep syz-fuzzer 11368 107164 30411 0 3 0x6000082 wait syz-fuzzer 11368 237816 30411 0 3 0x6000082 thrsleep syz-fuzzer 11368 304557 30411 0 3 0x6000082 wait syz-fuzzer 11368 501126 30411 0 3 0x6000082 wait syz-fuzzer 11368 6748 30411 0 3 0x6000082 wait syz-fuzzer 11368 322257 30411 0 3 0x6000082 thrsleep syz-fuzzer 30411 306864 24292 0 3 0x10008a sigsusp ksh 24292 20385 1982 0 3 0x9a kqread sshd 1982 79288 1 0 3 0x88 kqread sshd 29358 359677 28928 73 3 0x1100090 kqread syslogd 28928 98706 1 0 3 0x100082 netio syslogd 4143 71581 1 0 3 0x100080 kqread resolvd 1387 156394 67073 77 3 0x100092 kqread dhcpleased 91471 201780 67073 77 3 0x100092 kqread dhcpleased 67073 300955 1 0 3 0x80 kqread dhcpleased 54345 373940 0 0 3 0x14200 bored smr 3719 484390 0 0 2 0x14200 zerothread 17005 63559 0 0 3 0x14200 aiodoned aiodoned 7545 489642 0 0 3 0x14200 syncer update 33838 363868 0 0 3 0x14200 cleaner cleaner 81107 79909 0 0 3 0x14200 reaper reaper 27913 81606 0 0 3 0x14200 pgdaemon pagedaemon 64746 334155 0 0 3 0x14200 bored viomb 55785 105176 0 0 3 0x40014200 acpi0 acpi0 50715 362514 0 0 3 0x14200 bored softnet3 99257 479118 0 0 3 0x14200 bored softnet2 8161 304989 0 0 3 0x14200 bored softnet1 86228 202204 0 0 3 0x14200 bored softnet0 14253 120644 0 0 3 0x14200 bored systqmp 21832 149822 0 0 3 0x14200 bored systq 22085 352027 0 0 2 0x40014200 softclock 46410 79645 0 0 3 0x40014200 idle0 1 390251 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10208 6433K 7128K 166960K 55862 0 pcb 15 32K 40K 166960K 1873 0 rtable 203 14K 16K 166960K 2589 0 pf 29 8K 10K 166960K 417 0 ifaddr 37 11K 13K 166960K 344 0 ifgroup 50 2K 2K 166960K 614 0 sysctl 3 0K 2K 166960K 13 0 counters 30 17K 18K 166960K 204 0 ioctlops 0 0K 2K 166960K 945 0 iov 0 0K 32K 166960K 1926 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 
166960K 4 0 vnodes 1562 98K 98K 166960K 12255 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 86 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 17 0 dirhash 15 2K 2K 166960K 93 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 73K 166960K 17960 0 sigio 0 0K 0K 166960K 808 0 proc 58 59K 75K 166960K 2143 0 subproc 104 6K 6K 166960K 598 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 759 0 in_multi 77 5K 7K 166960K 724 0 ether_multi 1 0K 0K 166960K 35 0 mrt 1 0K 0K 166960K 14 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 3202 0 pfkey data 0 0K 0K 166960K 78 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 495 544K 545K 166960K 165069 0 UVM aobj 131 4K 4K 166960K 134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 456 0 NDP 11 0K 1K 166960K 280 0 temp 74 6704K 6832K 166960K 159111 0 kqueue 12 18K 30K 166960K 1129 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1079 0 1076 16 15 1 5 0 8 0 rtentry 112 750 0 660 5 1 4 4 0 8 0 unpcb 144 17710 0 17697 138 137 1 9 0 8 0 syncache 320 139 0 139 33 33 0 1 0 8 0 tcpqe 32 290 0 290 25 25 0 1 0 8 0 tcpcb 808 4668 0 4660 152 150 2 15 0 8 0 arp 88 145 0 131 1 0 1 1 0 8 0 ipq 40 18 0 17 8 7 1 1 0 8 0 ipqe 40 84 0 83 8 7 1 1 0 8 0 inpcb 344 14208 0 13771 287 241 46 53 0 8 5 nd6 104 151 0 131 1 0 1 1 0 8 0 pkpcb 40 291 0 291 18 17 1 1 0 8 1 kcovpl 48 45 0 37 1 0 1 1 0 8 0 ppxss 1072 86 0 86 23 23 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2452 0 2074 66 36 30 30 0 8 0 art_table 32 2453 0 2074 5 1 4 4 0 8 0 art_node 16 670 0 588 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 0 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 12 
0 2 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 71 0 52 3 0 3 3 0 8 0 dino2pl 256 24514 0 23003 95 0 95 95 0 8 0 ffsino 240 24514 0 23003 90 0 90 90 0 8 0 nchpl 144 48687 0 47030 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 158181 0 158178 13 12 1 3 0 8 0 vcpupl 2048 108 0 1 14 0 14 14 0 8 0 vmpool 664 143 0 36 9 0 9 9 0 8 0 kstatmem 264 370 0 348 3 1 2 3 0 8 0 scxspl 216 145783 0 145783 29 27 2 8 1 8 2 plimitpl 152 2070 0 2055 1 0 1 1 0 8 0 sigapl 424 18942 0 18876 9 1 8 8 0 8 0 futexpl 64 162938 0 162935 2 1 1 1 0 8 0 knotepl 120 151876 0 151794 41 38 3 11 0 8 0 kqueuepl 184 3046 0 3037 53 49 4 6 0 8 3 pipepl 288 3452 0 3424 97 94 3 11 0 8 0 fdescpl 432 18162 0 18137 5 1 4 4 0 8 0 filepl 120 108602 0 108364 198 186 12 19 0 8 2 lockfpl 104 6388 0 6386 6 5 1 2 0 8 0 lockfspl 48 2715 0 2713 1 0 1 1 0 8 0 sessionpl 144 62 0 46 1 0 1 1 0 8 0 pgrppl 48 252 0 236 1 0 1 1 0 8 0 ucredpl 104 11731 0 11719 1 0 1 1 0 8 0 zombiepl 144 18880 0 18876 2 1 1 1 0 8 0 processpl 1072 18942 0 18876 5 0 5 5 0 8 0 procpl 680 45024 0 44938 23 14 9 9 0 8 0 sosppl 168 186 0 186 28 27 1 1 0 8 1 sockpl 456 33439 0 32986 723 657 66 83 0 8 8 mcl64k 65536 606 0 606 52 51 1 1 0 8 1 mcl16k 16384 344 0 344 52 51 1 1 0 8 1 mcl12k 12288 632 0 632 56 55 1 1 0 8 1 mcl9k 9216 293 0 293 53 52 1 1 0 8 1 mcl8k 8192 2042 0 2042 40 39 1 1 0 8 1 mcl4k 4096 2031 0 2031 30 29 1 1 0 8 1 mcl2k2 2112 95 0 95 40 39 1 1 0 8 1 mcl2k 2048 103929 0 103846 71 60 11 33 0 8 0 mtagpl 96 3722 0 3539 26 20 6 16 0 8 0 mbufpl 256 362585 0 362295 1230 1195 35 427 0 8 0 bufpl 288 32724 0 26334 457 0 457 457 0 8 0 anonpl 24 1626590 0 1612291 219 119 100 149 0 188 0 amapchunkpl 152 527909 0 527056 178 139 39 64 0 158 1 amappl16 200 31779 0 31282 123 96 27 40 0 8 0 amappl15 192 21 0 20 1 0 1 1 0 8 0 amappl14 184 272 0 259 2 0 2 2 0 8 0 amappl13 176 93 0 91 1 0 1 1 0 8 0 amappl12 168 19342 0 19315 2 0 2 2 0 8 0 amappl11 160 53 0 43 1 0 1 1 0 8 0 
amappl10 152 72 0 61 2 1 1 1 0 8 0 amappl9 144 262 0 262 37 36 1 1 0 8 1 amappl8 136 618 0 501 6 1 5 5 0 8 0 amappl7 128 308 0 283 2 0 2 2 0 8 0 amappl6 120 898 0 890 1 0 1 1 0 8 0 amappl5 112 422 0 414 1 0 1 1 0 8 0 amappl4 104 785 0 760 2 1 1 2 0 8 0 amappl3 96 103425 0 103334 3 0 3 3 0 8 0 amappl2 88 19427 0 19353 3 1 2 3 0 8 0 amappl1 80 74885 0 74386 22 10 12 22 0 8 0 amappl 88 163947 0 163681 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 18305 0 18173 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 18305 0 18173 1 0 1 1 0 8 0 vmmpekpl 168 125973 0 125902 5 1 4 4 0 8 0 vmmpepl 168 1056443 0 1054085 412 285 127 141 0 357 0 vmsppl 352 18304 0 18173 15 2 13 13 0 8 0 rwobjpl 24 241986 0 234331 51 3 48 48 0 8 0 pdppl 4096 36616 0 36453 968 797 171 171 0 8 8 pvpl 32 4686768 0 4666766 524 345 179 362 0 265 0 pmappl 216 18304 0 18173 9 1 8 8 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3457 0 2530 38 10 28 38 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003437d548,0,fffffd80725d4098,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd805cec9300,0,fffffd80725d4098,0,0,fffffd80725d4138) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000df92f8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd807e4e72f8,fffffd805cec9b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002f4f8010,ffff80003437d9f0,ffff80003437d940) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 
syscall(ffff80003437d9f0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a22ea24650, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003437d548,0,fffffd80725d4098,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd805cec9300,0,fffffd80725d4098,0,0,fffffd80725d4138) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000df92f8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd807e4e72f8,fffffd805cec9b00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002f4f8010,ffff80003437d9f0,ffff80003437d940) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80003437d9f0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a22ea24650, count: -10