panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *155790 96251 0 0 0x4000000 0 syz-executor.3 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a632ed8,0,fffffd807748f9e0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806c5d7a00,0,fffffd807748f9e0,0,0,fffffd807748fa80) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000f3ace8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd80765e58f0,fffffd806c5d7200) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a62c560,ffff80002a633380,ffff80002a6332d0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a633380) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd10114c8650, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a632ed8,0,fffffd807748f9e0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806c5d7a00,0,fffffd807748f9e0,0,0,fffffd807748fa80) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000f3ace8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd80765e58f0,fffffd806c5d7200) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a62c560,ffff80002a633380,ffff80002a6332d0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a633380) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd10114c8650, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a632d30 rbx 0x2 rdx 0xffff800000e2ca00 rcx 0 rax 0xffff80002a62c560 r8 0 r9 0x8080808080808080 r10 0x8672e662d8b36880 r11 0xbcb3afae074eb5d0 r12 0 r13 0xffff80002a632ed8 r14 0 r15 0x1 rip 0xffffffff81c11dcc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a632d20 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) tid=155790 pid=96251 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a62c010,0xffffffff82daf160 process=0xffff80002f550018 user=0xffff80002a62e000, vmspace=0xfffffd805e28c028 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 96251 320983 80873 0 2 0 syz-executor.3 *96251 155790 80873 0 7 0x4000000 syz-executor.3 97495 174762 84129 0 2 0 syz-executor.2 97495 474059 84129 0 3 0x4000080 fsleep syz-executor.2 55975 515353 78352 0 2 0x2 syz-executor.1 79012 71721 1 0 3 0x3000 suspend syz-executor.1 79012 70698 1 0 2 0x4081000 syz-executor.1 54930 294512 78352 0 2 0x2 syz-executor.0 46731 166153 0 0 3 0x14280 nfsidl nfsio 43394 321082 0 0 3 0x14280 nfsidl nfsio 49418 485183 0 0 3 0x14280 nfsidl nfsio 63276 30769 0 0 3 0x14280 nfsidl nfsio 18433 100265 0 0 3 0x14280 nfsidl nfsio 87710 311111 0 0 3 0x14280 nfsidl nfsio 20165 317774 0 0 3 0x14280 nfsidl nfsio 60589 143102 0 0 3 0x14280 nfsidl nfsio 62682 97745 0 0 3 0x14280 nfsidl nfsio 50088 144455 0 0 3 0x14280 nfsidl nfsio 98453 353016 0 0 3 0x14280 nfsidl nfsio 50909 357061 0 0 3 0x14280 nfsidl nfsio 99419 261093 0 0 3 0x14280 nfsidl nfsio 24527 153863 0 0 3 0x14280 nfsidl nfsio 56926 210726 0 0 3 0x14280 nfsidl nfsio 48765 21165 0 0 3 0x14280 nfsidl nfsio 9933 238549 0 0 3 0x14280 nfsidl nfsio 64803 261951 0 0 3 0x14280 nfsidl nfsio 99525 61424 0 0 3 0x14280 nfsidl nfsio 98060 243115 0 0 3 0x14280 nfsidl nfsio 30730 362510 78352 0 2 0x482 syz-executor.5 83550 455866 78352 0 2 0x2 syz-executor.7 30527 359747 0 0 3 0x14200 acct acct 80873 509 78352 0 2 0x482 syz-executor.3 96679 352260 78352 0 2 0x2 syz-executor.6 38592 105316 0 0 3 0x14200 bored sosplice 92671 268723 78352 0 2 0x482 syz-executor.4 84129 466947 78352 0 3 0x82 nanoslp syz-executor.2 78352 142891 97638 0 3 0x2000082 wait syz-fuzzer 78352 354215 97638 0 3 0x6000082 nanoslp syz-fuzzer 78352 195723 97638 0 3 0x6000082 wait syz-fuzzer 78352 282187 97638 0 3 0x6000082 kqread syz-fuzzer 78352 150895 97638 0 3 0x6000082 thrsleep syz-fuzzer 78352 337280 97638 0 3 0x6000082 thrsleep syz-fuzzer 78352 324350 97638 0 3 0x6000082 wait syz-fuzzer 78352 214325 97638 0 3 0x6000082 wait syz-fuzzer 78352 487538 97638 0 3 0x6000082 wait syz-fuzzer 78352 488889 97638 0 3 0x6000082 wait syz-fuzzer 78352 503322 97638 0 3 0x6000082 thrsleep syz-fuzzer 78352 424045 97638 0 3 0x6000082 wait syz-fuzzer 78352 432775 97638 0 3 0x6000082 thrsleep syz-fuzzer 78352 74538 97638 0 3 0x6000082 wait syz-fuzzer 97638 265792 66310 0 3 0x10008a sigsusp ksh 66310 229299 65621 0 3 0x9a kqread sshd 89492 141734 1 0 3 0x100083 ttyin getty 65621 461516 1 0 3 0x88 kqread sshd 49466 8689 16053 73 3 0x1100090 kqread syslogd 16053 401831 1 0 3 0x100082 netio syslogd 9238 381605 1 0 3 0x100080 kqread resolvd 4456 29165 0 0 3 0x14200 bored smr 39758 4534 0 0 2 0x14200 zerothread 18557 84427 0 0 3 0x14200 aiodoned aiodoned 89530 515996 0 0 3 0x14200 syncer update 80657 59260 0 0 3 0x14200 cleaner cleaner 98166 424185 0 0 3 0x14200 reaper reaper 50277 470467 0 0 3 0x14200 pgdaemon pagedaemon 30106 208755 0 0 3 0x14200 bored viomb 28835 162087 0 0 3 0x40014200 acpi0 acpi0 87629 48116 0 0 3 0x14200 bored softnet3 93574 198168 0 0 3 0x14200 bored softnet2 91346 85966 0 0 3 0x14200 bored softnet1 93488 34026 0 0 3 0x14200 bored softnet0 22692 449667 0 0 3 0x14200 bored systqmp 17657 293374 0 0 3 0x14200 bored systq 63190 420881 0 0 2 0x40014200 softclock 16921 134740 0 0 3 0x40014200 idle0 1 247576 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10197 6493K 7526K 166960K 21026 0 pcb 15 20K 22K 166960K 868 0 rtable 199 14K 16K 166960K 1430 0 pf 31 9K 10K 166960K 256 0 ifaddr 37 10K 12K 166960K 197 0 ifgroup 54 2K 2K 166960K 411 0 sysctl 2 0K 0K 166960K 2 0 counters 31 17K 17K 166960K 124 0 ioctlops 0 0K 2K 166960K 510 0 iov 0 0K 32K 166960K 1006 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1498 94K 94K 166960K 5273 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 122 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1549 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 73K 166960K 7577 0 sigio 0 0K 0K 166960K 184 0 proc 51 42K 83K 166960K 1208 0 subproc 117 7K 8K 166960K 299 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 549 0 in_multi 78 5K 7K 166960K 357 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 2835 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 392 346K 355K 166960K 72050 0 UVM aobj 131 6K 6K 166960K 137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 298 0 NDP 12 0K 2K 166960K 158 0 temp 78 6704K 6832K 166960K 98363 0 kqueue 6 10K 26K 166960K 606 0 SYN cache 2 2456K 2464K 166960K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 369 0 368 4 3 1 2 0 8 0 rtentry 112 452 0 364 4 0 4 4 0 8 0 unpcb 144 6613 0 6604 76 75 1 8 0 8 0 syncache 320 67 0 67 13 13 0 1 0 8 0 tcpqe 32 376 0 376 9 9 0 2 0 8 0 tcpcb 808 4491 0 4477 125 123 2 14 0 8 0 arp 88 58 0 46 1 0 1 1 0 8 0 ipq 40 12 0 12 5 5 0 1 0 8 0 ipqe 40 35 0 35 5 5 0 1 0 8 0 inpcb 344 9291 0 9277 143 141 2 19 0 8 0 nd6 104 192 0 172 1 0 1 1 0 8 0 pkpcb 40 28 0 28 5 5 0 1 0 8 0 kcovpl 48 23 0 14 1 0 1 1 0 8 0 ppxss 1072 27 0 27 7 7 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2136 0 1708 43 16 27 31 0 8 0 art_table 32 2137 0 1708 4 0 4 4 0 8 0 art_node 16 445 0 364 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 11 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 1545 0 1535 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 11923 0 10442 93 0 93 93 0 8 0 ffsino 240 11923 0 10442 88 0 88 88 0 8 0 nchpl 144 22400 0 20752 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 80554 0 80554 13 12 1 3 0 8 1 vcpupl 2048 243 0 0 31 0 31 31 0 8 0 vmpool 664 263 0 20 21 0 21 21 0 8 0 kstatmem 264 210 0 186 2 0 2 2 0 8 0 scxspl 216 69911 0 69911 28 27 1 8 1 8 1 plimitpl 152 1188 0 1172 1 0 1 1 0 8 0 sigapl 424 8169 0 8108 9 1 8 8 0 8 0 futexpl 64 76452 0 76451 7 6 1 1 0 8 0 knotepl 120 69356 0 69290 19 15 4 10 0 8 0 kqueuepl 184 1451 0 1446 20 19 1 7 0 8 0 pipepl 288 1865 0 1836 51 48 3 11 0 8 0 fdescpl 432 7831 0 7810 4 0 4 4 0 8 0 filepl 120 54566 0 54324 101 91 10 19 0 8 0 lockfpl 104 2486 0 2485 5 4 1 2 0 8 0 lockfspl 48 749 0 748 1 0 1 1 0 8 0 sessionpl 144 38 0 22 1 0 1 1 0 8 0 pgrppl 48 126 0 110 1 0 1 1 0 8 0 ucredpl 104 8253 0 8245 1 0 1 1 0 8 0 zombiepl 144 8111 0 8108 1 0 1 1 0 8 0 processpl 1072 8169 0 8108 5 0 5 5 0 8 0 procpl 680 19791 0 19714 19 11 8 9 0 8 0 sosppl 168 136 0 136 15 15 0 1 0 8 0 sockpl 456 16316 0 16292 359 355 4 36 0 8 0 mcl64k 65536 363 0 363 28 28 0 1 0 8 0 mcl16k 16384 182 0 182 25 25 0 1 0 8 0 mcl12k 12288 328 0 328 23 22 1 1 0 8 1 mcl9k 9216 130 0 130 22 21 1 1 0 8 1 mcl8k 8192 561 0 561 19 18 1 1 0 8 1 mcl4k 4096 865 0 865 14 13 1 2 0 8 1 mcl2k2 2112 71 0 71 21 21 0 1 0 8 0 mcl2k 2048 85901 0 85855 95 87 8 30 0 8 1 mtagpl 96 1133 0 1085 16 9 7 14 0 8 0 mbufpl 256 225949 0 225561 394 343 51 119 0 8 0 bufpl 288 18223 0 11830 457 0 457 457 0 8 0 anonpl 24 848026 0 831337 256 134 122 155 0 188 0 amapchunkpl 152 231128 0 230359 108 71 37 65 0 158 0 amappl16 200 16827 0 16157 109 65 44 57 0 8 0 amappl15 192 78 0 78 1 1 0 1 0 8 0 amappl14 184 205 0 195 2 1 1 2 0 8 0 amappl13 176 60 0 57 1 0 1 1 0 8 0 amappl12 168 8705 0 8679 2 0 2 2 0 8 0 amappl11 160 47 0 43 1 0 1 1 0 8 0 amappl10 152 46 0 36 1 0 1 1 0 8 0 amappl9 144 193 0 192 1 0 1 1 0 8 0 amappl8 136 446 0 347 4 0 4 4 0 8 0 amappl7 128 236 0 217 2 0 2 2 0 8 0 amappl6 120 541 0 527 1 0 1 1 0 8 0 amappl5 112 273 0 268 1 0 1 1 0 8 0 amappl4 104 675 0 653 2 1 1 2 0 8 0 amappl3 96 45484 0 45421 3 0 3 3 0 8 0 amappl2 88 8619 0 8566 3 1 2 3 0 8 0 amappl1 80 37001 0 36594 22 11 11 22 0 8 0 amappl 88 71235 0 71023 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 8094 0 7830 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8094 0 7830 2 0 2 2 0 8 0 vmmpekpl 168 58478 0 58384 5 0 5 5 0 8 0 vmmpepl 168 473102 0 470655 386 257 129 146 0 357 0 vmsppl 352 8093 0 7830 27 2 25 25 0 8 0 rwobjpl 24 118460 0 110818 50 2 48 49 0 8 0 pdppl 4096 16194 0 15903 801 500 301 305 0 8 10 pvpl 32 2294502 0 2272900 482 274 208 361 0 265 4 pmappl 216 8093 0 7830 16 0 16 16 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2303 0 1226 34 1 33 34 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a632ed8,0,fffffd807748f9e0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806c5d7a00,0,fffffd807748f9e0,0,0,fffffd807748fa80) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000f3ace8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd80765e58f0,fffffd806c5d7200) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a62c560,ffff80002a633380,ffff80002a6332d0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a633380) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd10114c8650, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285182e) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4fce,ffffffff8282b90f,148,ffffffff82921058) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80002a632ed8,0,fffffd807748f9e0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806c5d7a00,0,fffffd807748f9e0,0,0,fffffd807748fa80) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000f3ace8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd80765e58f0,fffffd806c5d7200) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a62c560,ffff80002a633380,ffff80002a6332d0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80002a633380) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd10114c8650, count: -10