panic: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*411286 97752 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157
in6_selectroute(ffff80003780ace8,ffff800000e74200,fffffd80637027a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328
ip6_output(fffffd806fdac000,ffff800000e74200,fffffd80637027a0,0,0,fffffd8063702840) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467
tcp_output(ffff800000e33ca8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110
tcp_connect(fffffd8067dbf0f8,fffffd806fdac600) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670
sys_connect(ffff80002a672ab8,ffff80003780b190,ffff80003780b0e0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422
syscall(ffff80003780b190) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7e4cf26d7d0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "sin6tosa(&ro->ro_dst)->sa_family == AF_INET6" failed: file "/syzkaller/managers/main/kernel/sys/netinet6/in6_src.c", line 328 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003780ace8,ffff800000e74200,fffffd80637027a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806fdac000,ffff800000e74200,fffffd80637027a0,0,0,fffffd8063702840) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e33ca8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8067dbf0f8,fffffd806fdac600) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a672ab8,ffff80003780b190,ffff80003780b0e0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80003780b190) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e4cf26d7d0, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003780ab40 rbx 0x2 rdx 0xffff800000dafb40 rcx 0 rax 0xffff80002a672ab8 r8 0 r9 0x8080808080808080 r10 0xbff9442e26df7e78 r11 0x9d18bd46e8fa2ac4 r12 0 r13 0xffff80003780ace8 r14 0 r15 0x1 rip 0xffffffff81e5430c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80003780ab30 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) tid=411286 pid=97752 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=78, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a673800,0xffffffff82e42fe0 process=0xffff800037873260 user=0xffff800037806000, vmspace=0xfffffd80676cfc98 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 97752 453012 99942 0 2 0 
syz-executor.0 *97752 411286 99942 0 7 0x4000000 syz-executor.0 90629 437236 69720 0 2 0x480 syz-executor.4 90629 469652 69720 0 3 0x4000080 fsleep syz-executor.4 52221 152545 10494 0 2 0 syz-executor.6 52221 439613 10494 0 3 0x4000080 fsleep syz-executor.6 67661 372919 77396 0 2 0 syz-executor.1 23846 352018 74031 0 2 0 syz-executor.7 23846 30139 74031 0 3 0x4000080 bell syz-executor.7 23846 325116 74031 0 3 0x4000080 bell syz-executor.7 83582 346957 0 0 3 0x14280 nfsidl nfsio 83704 378620 0 0 3 0x14280 nfsidl nfsio 32949 355068 0 0 3 0x14280 nfsidl nfsio 45550 238964 0 0 3 0x14280 nfsidl nfsio 37109 396727 0 0 3 0x14280 nfsidl nfsio 52907 491959 0 0 3 0x14280 nfsidl nfsio 20697 3748 0 0 3 0x14280 nfsidl nfsio 25667 309736 0 0 3 0x14280 nfsidl nfsio 10232 459469 0 0 3 0x14280 nfsidl nfsio 15916 140702 0 0 3 0x14280 nfsidl nfsio 86717 176352 0 0 3 0x14280 nfsidl nfsio 79726 300576 0 0 3 0x14280 nfsidl nfsio 505 132867 0 0 3 0x14280 nfsidl nfsio 70679 236351 0 0 3 0x14280 nfsidl nfsio 49432 344177 0 0 3 0x14280 nfsidl nfsio 42651 174927 0 0 3 0x14280 nfsidl nfsio 21629 453810 0 0 3 0x14280 nfsidl nfsio 31638 104378 0 0 3 0x14280 nfsidl nfsio 93800 452940 0 0 3 0x14280 nfsidl nfsio 62928 58937 0 0 3 0x14280 nfsidl nfsio 10494 263652 86364 0 2 0x482 syz-executor.6 38067 225278 1 0 3 0x100083 ttyin getty 84829 53505 0 0 3 0x14200 acct acct 25107 61644 0 0 3 0x14200 bored sosplice 69720 467419 86364 0 2 0x482 syz-executor.4 89223 422332 86364 0 2 0x482 syz-executor.5 74031 95760 86364 0 2 0x482 syz-executor.7 77396 250692 86364 0 2 0x482 syz-executor.1 11892 223258 86364 0 2 0x2 syz-executor.2 99942 155366 86364 0 2 0x482 syz-executor.0 96759 439375 86364 0 2 0x482 syz-executor.3 86364 106042 39441 0 3 0x2000082 wait syz-fuzzer 86364 269060 39441 0 2 0x6000002 syz-fuzzer 86364 134885 39441 0 3 0x6000082 wait syz-fuzzer 86364 126985 39441 0 3 0x6000082 wait syz-fuzzer 86364 153503 39441 0 3 0x6000082 wait syz-fuzzer 86364 4658 39441 0 3 0x6000082 wait syz-fuzzer 86364 
248067 39441 0 3 0x6000082 thrsleep syz-fuzzer 86364 306002 39441 0 3 0x6000082 wait syz-fuzzer 86364 137387 39441 0 3 0x6000082 thrsleep syz-fuzzer 86364 519268 39441 0 3 0x6000082 wait syz-fuzzer 86364 372444 39441 0 3 0x6000082 thrsleep syz-fuzzer 86364 105075 39441 0 3 0x6000082 wait syz-fuzzer 86364 347008 39441 0 3 0x6000082 kqread syz-fuzzer 86364 228099 39441 0 3 0x6000082 thrsleep syz-fuzzer 39441 130303 34335 0 3 0x10008a sigsusp ksh 34335 486372 79684 0 3 0x9a kqread sshd 79684 249282 1 0 3 0x88 kqread sshd 20053 393151 54575 73 3 0x1100090 kqread syslogd 54575 375208 1 0 3 0x100082 netio syslogd 37625 125063 1 0 3 0x100080 kqread resolvd 20885 25528 70731 77 3 0x100092 kqread dhcpleased 6647 429174 70731 77 3 0x100092 kqread dhcpleased 70731 516070 1 0 3 0x80 kqread dhcpleased 88834 12870 0 0 2 0x14200 smr 90722 60621 0 0 2 0x14200 zerothread 48895 187402 0 0 3 0x14200 aiodoned aiodoned 72691 260191 0 0 3 0x14200 syncer update 46268 292944 0 0 3 0x14200 cleaner cleaner 41899 451483 0 0 3 0x14200 reaper reaper 55483 119408 0 0 3 0x14200 pgdaemon pagedaemon 872 287893 0 0 3 0x14200 bored viomb 88098 183016 0 0 3 0x40014200 acpi0 acpi0 65000 7918 0 0 3 0x14200 bored softnet3 7026 230355 0 0 3 0x14200 bored softnet2 42849 411840 0 0 3 0x14200 bored softnet1 67360 502450 0 0 3 0x14200 bored softnet0 58791 307307 0 0 3 0x14200 bored systqmp 7679 467367 0 0 3 0x14200 bored systq 22894 234779 0 0 3 0x40014200 tmoslp softclock 9462 412730 0 0 3 0x40014200 idle0 1 491861 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 6603K 7605K 166960K 29713 0 pcb 15 14K 16K 166960K 611 0 rtable 232 7K 7K 166960K 601 0 pf 29 8K 9K 166960K 91 0 ifaddr 42 11K 12K 166960K 85 0 ifgroup 50 2K 2K 166960K 120 0 sysctl 3 0K 0K 166960K 3 0 counters 30 17K 17K 166960K 61 0 ioctlops 0 0K 2K 166960K 210 0 iov 0 0K 32K 166960K 591 0 mount 1 1K 1K 166960K 1 0 log 0 0K 
0K 166960K 4 0 vnodes 1506 94K 94K 166960K 6786 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 74 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 846 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 69K 166960K 7641 0 sigio 0 0K 0K 166960K 87 0 proc 60 59K 75K 166960K 724 0 subproc 104 6K 6K 166960K 117 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 280 0 in_multi 95 7K 7K 166960K 122 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 1210 0 pfkey data 0 0K 0K 166960K 10 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 361 207K 222K 166960K 71759 0 UVM aobj 131 11K 11K 166960K 134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 355 0 NDP 11 0K 1K 166960K 62 0 temp 74 6708K 6836K 166960K 48617 0 kqueue 14 20K 28K 166960K 337 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 183 0 180 2 1 1 2 0 8 0 rtentry 112 151 0 44 4 0 4 4 0 8 0 unpcb 144 4525 0 4504 45 44 1 15 0 8 0 syncache 320 48 0 48 10 10 0 1 0 8 0 tcpqe 32 179 0 179 7 7 0 1 0 8 0 tcpcb 808 1332 0 1322 40 37 3 8 0 8 0 arp 88 24 0 6 1 0 1 1 0 8 0 ipq 40 6 0 6 3 3 0 1 0 8 0 ipqe 40 22 0 22 3 3 0 1 0 8 0 inpcb 344 3525 0 3512 49 46 3 8 0 8 0 nd6 104 30 0 8 1 0 1 1 0 8 0 pkpcb 40 88 0 88 6 6 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1072 27 0 27 5 5 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 566 0 124 30 2 28 30 0 8 0 art_table 32 567 0 124 4 0 4 4 0 8 0 art_node 16 142 0 44 1 0 1 1 0 8 0 sysvmsgpl 40 55 0 20 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 843 0 833 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 
3 0 3 3 0 8 0 dino2pl 256 12506 0 11040 92 0 92 92 0 8 0 ffsino 240 12506 0 11040 87 0 87 87 0 8 0 nchpl 144 22815 0 21181 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 73406 0 73405 6 5 1 3 0 8 0 vcpupl 2048 49 0 0 7 0 7 7 0 8 0 vmpool 664 53 0 4 5 0 5 5 0 8 0 kstatmem 264 84 0 62 2 0 2 2 0 8 0 scxspl 216 63217 0 63217 16 15 1 8 1 8 1 plimitpl 152 512 0 497 1 0 1 1 0 8 0 sigapl 424 8484 0 8418 8 0 8 8 0 8 0 futexpl 64 60645 0 60643 1 0 1 1 0 8 0 knotepl 120 81920 0 81836 21 18 3 11 0 8 0 kqueuepl 184 1039 0 1029 22 21 1 4 0 8 0 pipepl 288 647 0 619 19 16 3 7 0 8 0 fdescpl 432 7926 0 7900 4 0 4 4 0 8 0 filepl 120 41365 0 41113 63 55 8 21 0 8 0 lockfpl 104 1795 0 1793 5 4 1 2 0 8 0 lockfspl 48 605 0 603 1 0 1 1 0 8 0 sessionpl 144 26 0 10 1 0 1 1 0 8 0 pgrppl 48 322 0 306 1 0 1 1 0 8 0 ucredpl 104 8533 0 8523 1 0 1 1 0 8 0 zombiepl 144 8420 0 8418 1 0 1 1 0 8 0 processpl 1072 8484 0 8418 5 0 5 5 0 8 0 procpl 680 19263 0 19179 11 3 8 9 0 8 0 sosppl 168 64 0 64 9 9 0 1 0 8 0 sockpl 456 8324 0 8287 178 173 5 52 0 8 0 mcl64k 65536 281 0 281 8 7 1 1 0 8 1 mcl16k 16384 102 0 102 13 13 0 1 0 8 0 mcl12k 12288 304 0 304 9 8 1 1 0 8 1 mcl9k 9216 133 0 133 11 11 0 1 0 8 0 mcl8k 8192 417 0 417 9 9 0 1 0 8 0 mcl4k 4096 660 0 660 4 3 1 1 0 8 1 mcl2k2 2112 46 0 46 12 12 0 1 0 8 0 mcl2k 2048 78230 0 78028 53 24 29 30 0 8 0 mtagpl 96 2098 0 1482 21 4 17 20 0 8 0 mbufpl 256 172672 0 171891 87 30 57 65 0 8 0 bufpl 288 14902 0 8509 457 0 457 457 0 8 0 anonpl 24 721280 0 707499 134 46 88 111 0 188 0 amapchunkpl 152 227184 0 226370 67 32 35 46 0 158 1 amappl16 200 14368 0 13931 55 31 24 37 0 8 0 amappl15 192 10 0 10 1 1 0 1 0 8 0 amappl14 184 158 0 148 2 1 1 2 0 8 0 amappl13 176 33 0 32 1 0 1 1 0 8 0 amappl12 168 8580 0 8548 2 0 2 2 0 8 0 amappl11 160 54 0 44 1 0 1 1 0 8 0 amappl10 152 28 0 18 1 0 1 1 0 8 0 amappl9 144 185 0 182 1 0 1 1 0 8 0 amappl8 136 290 0 212 3 0 3 3 0 8 0 amappl7 128 190 0 172 2 0 2 2 0 8 0 amappl6 120 
298 0 283 1 0 1 1 0 8 0 amappl5 112 292 0 284 1 0 1 1 0 8 0 amappl4 104 477 0 454 2 1 1 2 0 8 0 amappl3 96 45808 0 45727 3 0 3 3 0 8 0 amappl2 88 8553 0 8484 3 1 2 3 0 8 0 amappl1 80 36011 0 35505 22 10 12 22 0 8 0 amappl 88 71106 0 70887 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 7979 0 7904 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7979 0 7904 1 0 1 1 0 8 0 vmmpekpl 168 53854 0 53790 5 1 4 4 0 8 0 vmmpepl 168 458852 0 456625 172 67 105 123 0 357 1 vmsppl 352 7978 0 7904 8 0 8 8 0 8 0 rwobjpl 24 112976 0 105468 50 3 47 48 0 8 0 pdppl 4096 15964 0 15857 345 232 113 113 0 8 6 pvpl 32 2003668 0 1984368 371 209 162 361 0 265 0 pmappl 216 7978 0 7904 5 0 5 5 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1275 0 383 26 0 26 26 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003780ace8,ffff800000e74200,fffffd80637027a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806fdac000,ffff800000e74200,fffffd80637027a0,0,0,fffffd8063702840) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e33ca8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8067dbf0f8,fffffd806fdac600) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a672ab8,ffff80003780b190,ffff80003780b0e0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80003780b190) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e4cf26d7d0, count: -10 ddb> machine 
ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8284c796) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828d3b2f,ffffffff828306f8,148,ffffffff8292603e) at __assert+0x29 sys/kern/subr_prf.c:157 in6_selectroute(ffff80003780ace8,ffff800000e74200,fffffd80637027a0,0) at in6_selectroute+0x228 sys/netinet6/in6_src.c:328 ip6_output(fffffd806fdac000,ffff800000e74200,fffffd80637027a0,0,0,fffffd8063702840) at ip6_output+0xc9b sys/netinet6/ip6_output.c:467 tcp_output(ffff800000e33ca8) at tcp_output+0x27b7 sys/netinet/tcp_output.c:1110 tcp_connect(fffffd8067dbf0f8,fffffd806fdac600) at tcp_connect+0x318 sys/netinet/tcp_usrreq.c:670 sys_connect(ffff80002a672ab8,ffff80003780b190,ffff80003780b0e0) at sys_connect+0x206 sys/kern/uipc_syscalls.c:422 syscall(ffff80003780b190) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e4cf26d7d0, count: -10