panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *421923 67910 60928 0x10 0x4000000 0 syz-executor.7 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800032c2b3b8,0,fffffd8077201c90,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8069959300,0,fffffd8077201c90,0,0,fffffd8077201d30) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e39358) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806d7742b8,fffffd8077d8eb00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64d540,ffff800032c2b860,ffff800032c2b7b0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800032c2b860) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae5cbf2710, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800032c2b3b8,0,fffffd8077201c90,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8069959300,0,fffffd8077201c90,0,0,fffffd8077201d30) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e39358) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806d7742b8,fffffd8077d8eb00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64d540,ffff800032c2b860,ffff800032c2b7b0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800032c2b860) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae5cbf2710, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800032c2b210 rbx 0x2 rdx 0xffff800000dd12c0 rcx 0 rax 0xffff80002a64d540 r8 0 r9 0x8080808080808080 r10 0x3e1eae071aa33446 r11 0x7649a8b261015a62 r12 0 r13 0xffff800032c2b3b8 r14 0 r15 0x1 rip 0xffffffff81e5430c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800032c2b200 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.7) tid=421923 pid=67910 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002f505558,0xffff80002a679020 process=0xffff80002f54c880 user=0xffff800032c26000, vmspace=0xfffffd806e151198 estcpu=31, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 50324 147822 30632 0 3 0x80 nanoslp syz-executor.4 50324 31797 30632 0 3 0x4000080 fsleep syz-executor.4 99733 226178 55474 0 2 0 syz-executor.1 99733 97535 55474 0 3 0x4000080 fsleep syz-executor.1 67910 287435 23552 60928 2 0x10 syz-executor.7 *67910 421923 23552 60928 7 0x4000010 syz-executor.7 6782 92279 12878 0 2 0x480 syz-executor.2 6782 430458 12878 0 3 0x4000080 netcon2 syz-executor.2 6782 393058 12878 0 3 0x4000080 fsleep syz-executor.2 93279 146890 9247 0 2 0x480 syz-executor.6 93279 332903 9247 0 3 0x4000080 kqread syz-executor.6 93279 415942 9247 0 3 0x4000080 fsleep syz-executor.6 93279 160573 9247 0 3 0x4000080 fsleep syz-executor.6 42749 16841 1 0 3 0x100083 ttyin getty 49253 481259 83670 0 2 0x2 syz-executor.5 46874 54383 83670 0 2 0x482 syz-executor.3 34169 405727 0 0 3 0x14280 nfsidl nfsio 69654 212374 0 0 3 0x14280 nfsidl nfsio 24670 213401 0 0 3 0x14280 nfsidl nfsio 90195 456645 0 0 3 0x14280 nfsidl nfsio 46250 440579 0 0 3 0x14280 nfsidl nfsio 54142 228401 0 0 3 0x14280 nfsidl nfsio 87853 383704 0 0 3 0x14280 nfsidl nfsio 45064 493604 0 0 3 0x14280 nfsidl nfsio 79314 200770 0 0 3 0x14280 nfsidl nfsio 3594 518089 0 0 3 0x14280 nfsidl nfsio 73154 444611 0 0 3 0x14280 nfsidl nfsio 51397 56817 0 0 3 0x14280 nfsidl nfsio 41573 112422 0 0 3 0x14280 nfsidl nfsio 99249 404324 0 0 3 0x14280 nfsidl nfsio 68687 176634 0 0 3 0x14280 nfsidl nfsio 29214 286435 0 0 3 0x14280 nfsidl nfsio 14913 488744 0 0 3 0x14280 nfsidl nfsio 22687 30226 0 0 3 0x14280 nfsidl nfsio 84878 331006 0 0 3 0x14280 nfsidl nfsio 39303 471783 0 0 3 0x14280 nfsidl nfsio 30632 141190 83670 0 3 0x82 nanoslp syz-executor.4 97677 418658 83670 0 2 0x482 syz-executor.0 52504 73209 0 0 3 0x14200 bored sosplice 12878 253667 83670 0 3 0x82 nanoslp syz-executor.2 9247 416473 83670 0 3 0x82 nanoslp syz-executor.6 23552 465822 83670 0 3 0x82 nanoslp syz-executor.7 55474 521172 83670 0 2 0x482 syz-executor.1 83670 463725 34352 0 3 0x2000082 thrsleep syz-fuzzer 83670 49775 34352 0 2 0x6000482 syz-fuzzer 83670 84092 34352 0 3 0x6000082 wait syz-fuzzer 83670 374219 34352 0 3 0x6000082 wait syz-fuzzer 83670 424607 34352 0 3 0x6000082 wait syz-fuzzer 83670 90132 34352 0 3 0x6000082 thrsleep syz-fuzzer 83670 419959 34352 0 3 0x6000082 wait syz-fuzzer 83670 106440 34352 0 3 0x6000082 wait syz-fuzzer 83670 283120 34352 0 3 0x6000082 kqread syz-fuzzer 83670 363751 34352 0 3 0x6000082 wait syz-fuzzer 83670 360702 34352 0 3 0x6000082 thrsleep syz-fuzzer 83670 311207 34352 0 3 0x6000082 wait syz-fuzzer 83670 451749 34352 0 3 0x6000082 wait syz-fuzzer 83670 43188 34352 0 3 0x6000082 thrsleep syz-fuzzer 34352 316444 7567 0 3 0x10008a sigsusp ksh 7567 516369 2196 0 3 0x9a kqread sshd 2196 488431 1 0 3 0x88 kqread sshd 72667 435005 8919 73 3 0x1100090 kqread syslogd 8919 198618 1 0 3 0x100082 netio syslogd 11103 300695 1 0 3 0x100080 kqread resolvd 79494 229787 11807 77 3 0x100092 kqread dhcpleased 10835 90701 11807 77 3 0x100092 kqread dhcpleased 11807 1395 1 0 3 0x80 kqread dhcpleased 43140 285261 0 0 3 0x14200 bored smr 43815 245528 0 0 2 0x14200 zerothread 83080 243538 0 0 3 0x14200 aiodoned aiodoned 65666 88639 0 0 3 0x14200 syncer update 41852 315949 0 0 3 0x14200 cleaner cleaner 42359 64124 0 0 3 0x14200 reaper reaper 16513 82084 0 0 3 0x14200 pgdaemon pagedaemon 20946 425556 0 0 3 0x14200 bored viomb 94594 390031 0 0 3 0x40014200 acpi0 acpi0 99864 163291 0 0 3 0x14200 bored softnet3 18026 61148 0 0 3 0x14200 bored softnet2 23307 8631 0 0 3 0x14200 bored softnet1 58941 84084 0 0 3 0x14200 bored softnet0 42188 24513 0 0 3 0x14200 bored systqmp 73403 517980 0 0 3 0x14200 bored systq 60755 138034 0 0 3 0x40014200 tmoslp softclock 95472 464802 0 0 3 0x40014200 idle0 1 201178 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10267 6509K 6876K 166960K 14092 0 pcb 15 15K 17K 166960K 242 0 rtable 210 6K 7K 166960K 768 0 pf 27 8K 9K 166960K 96 0 ifaddr 38 10K 11K 166960K 110 0 ifgroup 46 2K 2K 166960K 149 0 sysctl 3 0K 2K 166960K 9 0 counters 29 17K 17K 166960K 62 0 ioctlops 0 0K 2K 166960K 183 0 iov 0 0K 32K 166960K 355 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1410 88K 88K 166960K 2452 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 42 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 115 0 dirhash 12 2K 3K 166960K 45 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 81K 166960K 2159 0 sigio 0 0K 0K 166960K 205 0 proc 58 59K 75K 166960K 785 0 subproc 104 6K 6K 166960K 221 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 125 0 in_multi 77 5K 7K 166960K 222 0 ether_multi 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 693 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 358 92K 102K 166960K 21736 0 UVM aobj 71 5K 5K 166960K 79 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 55 0 NDP 10 0K 1K 166960K 77 0 temp 74 6708K 6896K 166960K 27502 0 kqueue 12 18K 28K 166960K 185 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 237 0 234 4 3 1 3 0 8 0 rtentry 112 218 0 123 5 2 3 4 0 8 0 unpcb 144 1616 0 1603 25 19 6 6 0 8 5 syncache 320 19 0 19 6 5 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 162 0 162 5 5 0 1 0 8 0 tcpcb 808 868 0 819 30 18 12 12 0 8 5 arp 88 39 0 22 1 0 1 1 0 8 0 inpcb 344 1753 0 1696 34 23 11 15 0 8 4 nd6 104 52 0 34 1 0 1 1 0 8 0 pkpcb 40 36 0 36 2 2 0 1 0 8 0 kcovpl 48 17 0 9 1 0 1 1 0 8 0 ppxss 1072 16 0 16 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 863 0 488 31 7 24 29 0 8 0 art_table 32 864 0 488 4 0 4 4 0 8 0 art_node 16 217 0 134 1 0 1 1 0 8 0 sysvmsgpl 40 41 0 3 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 110 0 100 1 0 1 1 0 8 0 shmpl 112 76 0 8 2 0 2 2 0 8 0 dirhash 1024 39 0 22 3 0 3 3 0 8 0 dino2pl 256 4106 0 2648 92 0 92 92 0 8 0 ffsino 240 4106 0 2648 86 0 86 86 0 8 0 nchpl 144 7079 0 5438 63 0 63 63 0 8 0 uvmvnodes 80 5154 0 0 106 0 106 106 0 8 0 vnodes 216 5154 0 0 287 0 287 287 0 8 0 namei 1024 26113 0 26112 5 4 1 3 0 8 0 vcpupl 2048 51 0 0 7 0 7 7 0 8 0 vmpool 664 57 0 6 5 0 5 5 0 8 0 kstatmem 264 86 0 66 2 0 2 2 0 8 0 scxspl 216 23732 0 23732 13 11 2 8 1 8 2 plimitpl 152 272 0 257 1 0 1 1 0 8 0 sigapl 424 2463 0 2398 8 0 8 8 0 8 0 futexpl 64 19596 0 19591 1 0 1 1 0 8 0 knotepl 120 22057 0 21975 11 7 4 11 0 8 0 kqueuepl 184 340 0 331 4 3 1 3 0 8 0 pipepl 288 589 0 561 15 12 3 7 0 8 0 fdescpl 432 2426 0 2399 4 0 4 4 0 8 0 filepl 120 14924 0 14582 38 24 14 15 0 8 1 lockfpl 104 652 0 650 2 1 1 2 0 8 0 lockfspl 48 295 0 293 1 0 1 1 0 8 0 sessionpl 144 33 0 17 1 0 1 1 0 8 0 pgrppl 48 44 0 28 1 0 1 1 0 8 0 ucredpl 104 1901 0 1889 1 0 1 1 0 8 0 zombiepl 144 2400 0 2398 1 0 1 1 0 8 0 processpl 1072 2463 0 2398 5 0 5 5 0 8 0 procpl 680 5584 0 5498 9 0 9 9 0 8 0 sosppl 168 24 0 24 4 3 1 1 0 8 1 sockpl 456 3651 0 3581 84 63 21 31 0 8 10 mcl64k 65536 67 0 67 6 5 1 1 0 8 1 mcl16k 16384 47 0 47 6 5 1 1 0 8 1 mcl12k 12288 86 0 86 4 3 1 1 0 8 1 mcl9k 9216 44 0 44 5 4 1 1 0 8 1 mcl8k 8192 174 0 174 4 3 1 1 0 8 1 mcl4k 4096 238 0 238 4 3 1 1 0 8 1 mcl2k2 2112 10 0 10 5 5 0 1 0 8 0 mcl2k 2048 69713 0 69558 45 24 21 29 0 8 0 mtagpl 96 448 0 196 10 2 8 9 0 8 0 mbufpl 256 131871 0 131446 189 154 35 81 0 8 0 bufpl 288 8770 0 2379 457 0 457 457 0 8 0 anonpl 24 387757 0 374111 123 24 99 104 0 188 10 amapchunkpl 152 69973 0 69084 50 9 41 43 0 158 5 amappl16 200 9702 0 9258 38 14 24 33 0 8 0 amappl15 192 18 0 17 1 0 1 1 0 8 0 amappl14 184 172 0 161 2 1 1 2 0 8 0 amappl13 176 52 0 49 1 0 1 1 0 8 0 amappl12 168 3193 0 3162 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 43 0 35 2 1 1 1 0 8 0 amappl9 144 132 0 130 1 0 1 1 0 8 0 amappl8 136 216 0 162 2 0 2 2 0 8 0 amappl7 128 193 0 172 2 0 2 2 0 8 0 amappl6 120 379 0 370 1 0 1 1 0 8 0 amappl5 112 151 0 142 1 0 1 1 0 8 0 amappl4 104 479 0 459 2 1 1 2 0 8 0 amappl3 96 14225 0 14128 3 0 3 3 0 8 0 amappl2 88 2988 0 2917 3 1 2 3 0 8 0 amappl1 80 17420 0 16903 22 10 12 22 0 8 0 amappl 88 21095 0 20862 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 78 0 8 2 0 2 2 0 8 0 uaddrrnd 24 2483 0 2405 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2483 0 2405 1 0 1 1 0 8 0 vmmpekpl 168 23298 0 23233 4 0 4 4 0 8 0 vmmpepl 168 166346 0 163986 170 53 117 121 0 357 9 vmsppl 352 2482 0 2405 8 0 8 8 0 8 0 rwobjpl 24 51575 0 44875 43 2 41 41 0 8 0 pdppl 4096 4972 0 4861 233 118 115 115 0 8 4 pvpl 32 916518 0 897300 421 239 182 361 0 265 22 pmappl 216 2482 0 2405 6 1 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1226 0 355 26 0 26 26 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800032c2b3b8,0,fffffd8077201c90,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8069959300,0,fffffd8077201c90,0,0,fffffd8077201d30) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e39358) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806d7742b8,fffffd8077d8eb00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64d540,ffff800032c2b860,ffff800032c2b7b0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800032c2b860) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae5cbf2710, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff800032c2b3b8,0,fffffd8077201c90,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd8069959300,0,fffffd8077201c90,0,0,fffffd8077201d30) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e39358) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806d7742b8,fffffd8077d8eb00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a64d540,ffff800032c2b860,ffff800032c2b7b0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff800032c2b860) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae5cbf2710, count: -10