panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 68677 49605 0 0 0x4000000 0 syz-executor.6 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff8000377d8da8,ffff800000de4400,fffffd8064c784b0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806322a300,ffff800000de4400,fffffd8064c784b0,0,0,fffffd8064c78550) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000fd7ff0) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806ba183d8,fffffd806322ab00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a6b4ff8,ffff8000377d9250,ffff8000377d91a0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff8000377d9250) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x88fc24ce000, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff8000377d8da8,ffff800000de4400,fffffd8064c784b0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806322a300,ffff800000de4400,fffffd8064c784b0,0,0,fffffd8064c78550) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000fd7ff0) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806ba183d8,fffffd806322ab00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a6b4ff8,ffff8000377d9250,ffff8000377d91a0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff8000377d9250) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x88fc24ce000, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000377d8c00 rbx 0x2 rdx 0xffff800000e45340 rcx 0 rax 0xffff80002a6b4ff8 r8 0 r9 0x8080808080808080 r10 0x56d061c16f30c226 r11 0xb463a478e1520b28 r12 0 r13 0xffff8000377d8da8 r14 0 r15 0x1 rip 0xffffffff813c0b6c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000377d8bf0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.6) tid=68677 pid=49605 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6b4d50,0xffff80002a5f7560 process=0xffff8000343bf688 user=0xffff8000377d4000, vmspace=0xfffffd80609aa730 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 82668 106938 50461 0 2 0x10 syz-executor.1 82668 315976 50461 0 3 0x4000090 fsleep syz-executor.1 49605 470400 24149 0 2 0 syz-executor.6 *49605 68677 24149 0 7 0x4000000 syz-executor.6 61824 196459 0 0 3 0x14280 nfsidl nfsio 46013 515671 0 0 3 0x14280 nfsidl nfsio 88266 26307 0 0 3 0x14280 nfsidl nfsio 95829 59690 0 0 3 0x14280 nfsidl nfsio 34255 218443 0 0 3 0x14280 nfsidl nfsio 61340 47011 0 0 3 0x14280 nfsidl nfsio 69106 267773 0 0 3 0x14280 nfsidl nfsio 80501 134735 0 0 3 0x14280 nfsidl nfsio 49349 19340 0 0 3 0x14280 nfsidl nfsio 4974 179001 0 0 3 0x14280 nfsidl nfsio 42849 318742 0 0 3 0x14280 nfsidl nfsio 28785 346800 0 0 3 0x14280 nfsidl nfsio 78212 310747 0 0 3 0x14280 nfsidl nfsio 93365 5677 0 0 3 0x14280 nfsidl nfsio 84431 124374 0 0 3 0x14280 nfsidl nfsio 17424 233303 0 0 3 0x14280 nfsidl nfsio 77782 521510 0 0 3 0x14280 nfsidl nfsio 60989 74310 0 0 3 0x14280 nfsidl nfsio 33458 185613 0 0 3 0x14280 nfsidl nfsio 66099 188796 0 0 3 0x14280 nfsidl nfsio 2650 166450 9525 0 2 0x2 syz-executor.7 24149 179934 9525 0 3 0x82 nanoslp syz-executor.6 50461 499268 9525 0 3 0x82 nanoslp syz-executor.1 85096 509281 1 0 3 0x100083 ttyin getty 37106 398748 9525 0 2 0x482 syz-executor.0 16212 402363 9525 0 2 0x2 syz-executor.2 93959 391892 9525 0 2 0x2 syz-executor.4 63287 483183 9525 0 2 0x2 syz-executor.3 20491 140775 9525 0 2 0x2 syz-executor.5 13706 476089 0 0 3 0x14200 bored sosplice 9525 358167 75786 0 3 0x2000082 thrsleep syz-fuzzer 9525 166323 75786 0 3 0x6000082 nanoslp syz-fuzzer 9525 17841 75786 0 3 0x6000082 wait syz-fuzzer 9525 412110 75786 0 3 0x6000082 thrsleep syz-fuzzer 9525 90319 75786 0 3 0x6000082 wait syz-fuzzer 9525 318137 75786 0 3 0x6000082 thrsleep syz-fuzzer 9525 415860 75786 0 3 0x6000082 kqread syz-fuzzer 9525 68204 75786 0 3 0x6000082 wait syz-fuzzer 9525 211766 75786 0 3 0x6000082 wait syz-fuzzer 9525 349785 75786 0 3 0x6000082 thrsleep syz-fuzzer 9525 96220 75786 0 3 0x6000082 wait syz-fuzzer 9525 495870 75786 0 3 0x6000082 wait syz-fuzzer 9525 497779 75786 0 3 0x6000082 wait syz-fuzzer 9525 101135 75786 0 3 0x6000082 wait syz-fuzzer 9525 76330 75786 0 3 0x6000082 thrsleep syz-fuzzer 75786 31820 26842 0 3 0x10008a sigsusp ksh 26842 276979 66596 0 3 0x9a kqread sshd 66596 49341 1 0 3 0x88 kqread sshd 73649 323505 93138 73 3 0x1100090 kqread syslogd 93138 159695 1 0 3 0x100082 netio syslogd 16880 381717 1 0 3 0x100080 kqread resolvd 74001 203594 65565 77 3 0x100092 kqread dhcpleased 48359 38753 65565 77 3 0x100092 kqread dhcpleased 65565 27943 1 0 3 0x80 kqread dhcpleased 7187 338589 0 0 3 0x14200 bored smr 80447 244208 0 0 2 0x14200 zerothread 27699 422357 0 0 3 0x14200 aiodoned aiodoned 82615 83516 0 0 3 0x14200 syncer update 69689 487100 0 0 3 0x14200 cleaner cleaner 9429 25205 0 0 3 0x14200 reaper reaper 7791 266813 0 0 3 0x14200 pgdaemon pagedaemon 26658 73989 0 0 3 0x14200 bored viomb 72262 27265 0 0 3 0x40014200 acpi0 acpi0 66338 375530 0 0 3 0x14200 bored softnet3 31685 227947 0 0 3 0x14200 bored softnet2 96878 24442 0 0 3 0x14200 bored softnet1 18080 448091 0 0 3 0x14200 bored softnet0 3623 521462 0 0 3 0x14200 bored systqmp 54698 227379 0 0 3 0x14200 bored systq 60369 365632 0 0 2 0x40014200 softclock 20650 119423 0 0 3 0x40014200 idle0 1 7577 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10194 6557K 7551K 166960K 29738 0 pcb 15 18K 20K 166960K 901 0 rtable 181 14K 15K 166960K 1902 0 pf 32 9K 10K 166960K 321 0 ifaddr 35 11K 12K 166960K 305 0 ifgroup 55 2K 2K 166960K 494 0 sysctl 4 1K 1K 166960K 43 0 counters 31 17K 18K 166960K 169 0 ioctlops 0 0K 2K 166960K 750 0 iov 0 0K 24K 166960K 836 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1552 97K 98K 166960K 8069 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 173 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1781 0 dirhash 12 2K 2K 166960K 72 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 12 41K 77K 166960K 10452 0 sigio 0 0K 0K 166960K 402 0 proc 58 59K 91K 166960K 1799 0 subproc 104 6K 7K 166960K 559 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 591 0 in_multi 68 5K 7K 166960K 631 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 16 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 1833 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 438 465K 473K 166960K 96800 0 UVM aobj 131 4K 4K 166960K 141 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 357 0 NDP 12 0K 2K 166960K 244 0 temp 74 6704K 6832K 166960K 98315 0 kqueue 12 18K 29K 166960K 801 0 SYN cache 2 2456K 2464K 166960K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 598 0 595 8 7 1 3 0 8 0 rtentry 112 574 0 495 4 1 3 4 0 8 0 unpcb 144 11558 0 11545 106 103 3 11 0 8 2 syncache 320 108 0 108 22 21 1 1 0 8 1 sackhl 24 1 1 1 1 1 0 1 0 8 0 tcpqe 32 528 0 528 13 12 1 2 0 8 1 tcpcb 808 3483 0 3453 96 90 6 16 0 8 2 arp 88 100 0 88 1 0 1 1 0 8 0 ipq 40 21 0 21 7 6 1 1 0 8 1 ipqe 40 61 0 61 7 6 1 1 0 8 1 inpcb 344 8453 0 8419 145 133 12 15 0 8 8 nd6 104 142 0 127 1 0 1 1 0 8 0 pkpcb 40 12 0 12 3 3 0 1 0 8 0 kcovpl 48 43 0 35 1 0 1 1 0 8 0 ppxss 1072 63 0 63 12 12 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2320 0 1947 55 25 30 30 0 8 2 art_table 32 2321 0 1947 4 0 4 4 0 8 0 art_node 16 565 0 492 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 4 1 0 1 1 0 8 0 semapl 112 1779 0 1769 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 57 0 40 3 0 3 3 0 8 0 dino2pl 256 15499 0 14008 94 0 94 94 0 8 0 ffsino 240 15499 0 14008 89 0 89 89 0 8 0 nchpl 144 30136 0 28507 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 101933 0 101929 9 7 2 3 0 8 1 vcpupl 2048 60 0 0 8 0 8 8 0 8 0 vmpool 664 82 0 22 6 0 6 6 0 8 1 kstatmem 264 300 0 276 4 1 3 3 0 8 1 scxspl 216 88633 0 88633 30 28 2 8 1 8 2 plimitpl 152 1435 0 1420 1 0 1 1 0 8 0 sigapl 424 11544 0 11483 8 0 8 8 0 8 0 futexpl 64 97689 0 97688 1 0 1 1 0 8 0 knotepl 120 95599 0 95516 28 25 3 16 0 8 0 kqueuepl 184 2486 0 2478 37 33 4 7 0 8 3 pipepl 288 2401 0 2373 50 47 3 7 0 8 0 fdescpl 432 10666 0 10643 4 0 4 4 0 8 0 filepl 120 69379 0 69141 126 113 13 19 0 8 5 lockfpl 104 3322 0 3320 7 6 1 2 0 8 0 lockfspl 48 1225 0 1223 1 0 1 1 0 8 0 sessionpl 144 61 0 45 1 0 1 1 0 8 0 pgrppl 48 167 0 151 1 0 1 1 0 8 0 ucredpl 104 10209 0 10198 1 0 1 1 0 8 0 zombiepl 144 11484 0 11483 5 4 1 1 0 8 0 processpl 1072 11544 0 11483 5 0 5 5 0 8 0 procpl 680 26668 0 26591 24 15 9 9 0 8 1 sosppl 168 121 0 116 16 15 1 1 0 8 0 sockpl 456 20798 0 20748 410 395 15 40 0 8 7 mcl64k 65536 425 0 425 27 26 1 1 0 8 1 mcl16k 16384 237 0 237 23 22 1 1 0 8 1 mcl12k 12288 409 0 409 25 24 1 1 0 8 1 mcl9k 9216 246 0 246 28 27 1 1 0 8 1 mcl8k 8192 830 0 830 21 20 1 1 0 8 1 mcl4k 4096 1130 0 1130 18 17 1 1 0 8 1 mcl2k2 2112 79 0 79 20 19 1 1 0 8 1 mcl2k 2048 90240 0 90172 76 65 11 34 0 8 1 mtagpl 96 1634 0 1472 20 15 5 9 0 8 0 mbufpl 256 239498 0 239204 533 502 31 80 0 8 8 bufpl 288 23191 0 16790 458 0 458 458 0 8 0 anonpl 24 1047819 0 1033602 139 40 99 113 0 188 0 amapchunkpl 152 307806 0 307006 107 58 49 49 0 158 12 amappl16 200 20283 0 19717 73 41 32 42 0 8 0 amappl15 192 16 0 15 1 0 1 1 0 8 0 amappl14 184 259 0 247 2 1 1 2 0 8 0 amappl13 176 73 0 71 1 0 1 1 0 8 0 amappl12 168 11841 0 11816 2 0 2 2 0 8 0 amappl11 160 90 0 80 1 0 1 1 0 8 0 amappl10 152 64 0 55 1 0 1 1 0 8 0 amappl9 144 223 0 223 16 15 1 1 0 8 1 amappl8 136 460 0 369 4 0 4 4 0 8 0 amappl7 128 301 0 275 2 0 2 2 0 8 0 amappl6 120 839 0 829 1 0 1 1 0 8 0 amappl5 112 334 0 324 1 0 1 1 0 8 0 amappl4 104 726 0 701 2 1 1 2 0 8 0 amappl3 96 60787 0 60722 3 0 3 3 0 8 0 amappl2 88 11619 0 11546 3 1 2 3 0 8 0 amappl1 80 48805 0 48309 23 11 12 22 0 8 0 amappl 88 95762 0 95527 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 140 0 10 3 0 3 3 0 8 0 uaddrrnd 24 10748 0 10665 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10748 0 10665 1 0 1 1 0 8 0 vmmpekpl 168 82689 0 82604 4 0 4 4 0 8 0 vmmpepl 168 638766 0 636522 413 276 137 144 0 357 14 vmsppl 352 10747 0 10665 11 2 9 9 0 8 0 rwobjpl 24 152826 0 145159 49 2 47 48 0 8 0 pdppl 4096 21502 0 21390 600 476 124 126 0 8 12 pvpl 32 2841976 0 2822712 406 231 175 318 0 265 0 pmappl 216 10747 0 10665 6 1 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2188 0 1314 27 0 27 27 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff8000377d8da8,ffff800000de4400,fffffd8064c784b0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806322a300,ffff800000de4400,fffffd8064c784b0,0,0,fffffd8064c78550) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000fd7ff0) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806ba183d8,fffffd806322ab00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a6b4ff8,ffff8000377d9250,ffff8000377d91a0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff8000377d9250) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x88fc24ce000, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8285300a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d4920,ffffffff8282cbbd,148,ffffffff829229b7) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff8000377d8da8,ffff800000de4400,fffffd8064c784b0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806322a300,ffff800000de4400,fffffd8064c784b0,0,0,fffffd8064c78550) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000fd7ff0) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd806ba183d8,fffffd806322ab00) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a6b4ff8,ffff8000377d9250,ffff8000377d91a0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff8000377d9250) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x88fc24ce000, count: -10