login: panic: m_copydata: null mbuf
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 70109 65000 0 0x10 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82228614) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd80599f3100,0,1,fffffd806bc220e4) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd80599f3100,0,1,fffffd806bc220e4) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
tcp_output(ffff8000009ed660) at tcp_output+0x158e sys/netinet/tcp_output.c:671
tcp_usrreq(fffffd8055f33010,e,fffffd806bc22000,0,0,ffff80001e44aee8) at tcp_usrreq+0x625 sys/netinet/tcp_usrreq.c:373
sosend(fffffd8055f33010,0,ffff80001e4671f0,0,0,407) at sosend+0x669 sys/kern/uipc_socket.c:538
sendit(ffff80001e44aee8,7,ffff80001e467350,407,ffff80001e467440) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff80001e44aee8,ffff80001e4673f8,ffff80001e467440) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff80001e4674c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcd65ce1b00, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
m_copydata: null mbuf
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff82228614) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd80599f3100,0,1,fffffd806bc220e4) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd80599f3100,0,1,fffffd806bc220e4) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
tcp_output(ffff8000009ed660) at tcp_output+0x158e sys/netinet/tcp_output.c:671
tcp_usrreq(fffffd8055f33010,e,fffffd806bc22000,0,0,ffff80001e44aee8) at tcp_usrreq+0x625 sys/netinet/tcp_usrreq.c:373
sosend(fffffd8055f33010,0,ffff80001e4671f0,0,0,407) at sosend+0x669 sys/kern/uipc_socket.c:538
sendit(ffff80001e44aee8,7,ffff80001e467350,407,ffff80001e467440) at sendit+0x52b sys/kern/uipc_syscalls.c:657
sys_sendmsg(ffff80001e44aee8,ffff80001e4673f8,ffff80001e467440) at sys_sendmsg+0x1a4 sys/kern/uipc_syscalls.c:562
syscall(ffff80001e4674c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcd65ce1b00, count: -10
ddb> show registers
rdi 0xffffffff8209f857 db_enter+0x17
rsi 0xf7d
rbp 0xffff80001e466d90
rbx 0xffff80001e466e40
rdx 0xf7e
rcx 0xffff80001f837000
rax 0xffff80001f837000
r8 0xffff80001e466d50
r9 0x1
r10 0xffff8000009ece80
r11 0xab9d7aa4ac31faae
r12 0x3000000008
r13 0xffff80001e466da0
r14 0x100
r15 0x1
rip 0xffffffff8209f858 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001e466d80
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=70109 stat=onproc
flags process=10 proc=4000000
pri=61, usrpri=61, nice=20
forw=0xffffffffffffffff, list=0xffff80001e44b160,0xffffffff82593b80
process=0xffff8000ffff6a30 user=0xffff80001e462000, vmspace=0xfffffd806bc0a000
estcpu=11, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
83501 392064 30375 0 3 0x80 nanosleep syz-executor.0
83501 153438 30375 0 3 0x4000080 bell 
syz-executor.0 65000 438460 6108 0 2 0x10 syz-executor.1 65000 127705 6108 0 3 0x4000090 netio syz-executor.1 *65000 70109 6108 0 7 0x4000010 syz-executor.1 41171 55887 0 0 3 0x14200 bored sosplice 6108 132926 33700 0 3 0x82 nanosleep syz-executor.1 30375 448448 33700 0 3 0x82 nanosleep syz-executor.0 33700 395412 65442 0 3 0x82 thrsleep syz-fuzzer 33700 1143 65442 0 3 0x4000082 thrsleep syz-fuzzer 33700 35772 65442 0 3 0x4000082 thrsleep syz-fuzzer 33700 313682 65442 0 3 0x4000082 thrsleep syz-fuzzer 33700 126259 65442 0 3 0x4000082 thrsleep syz-fuzzer 33700 272578 65442 0 3 0x4000082 kqread syz-fuzzer 33700 76320 65442 0 3 0x4000082 thrsleep syz-fuzzer 65442 197771 13354 0 3 0x10008a pause ksh 13354 28008 80552 0 3 0x92 select sshd 21774 6283 1 0 3 0x100083 ttyin getty 80552 259886 1 0 3 0x80 select sshd 60622 140955 44287 73 3 0x100090 kqread syslogd 44287 278105 1 0 3 0x100082 netio syslogd 44082 222234 1 77 3 0x100090 poll dhclient 18544 341243 1 0 3 0x80 poll dhclient 92465 81204 0 0 2 0x14200 zerothread 25902 206188 0 0 3 0x14200 aiodoned aiodoned 25052 519596 0 0 3 0x14200 syncer update 61367 82548 0 0 3 0x14200 cleaner cleaner 31589 241661 0 0 3 0x14200 reaper reaper 38547 83864 0 0 3 0x14200 pgdaemon pagedaemon 30689 81597 0 0 3 0x14200 bored crynlk 83065 308615 0 0 3 0x14200 bored crypto 98504 307807 0 0 3 0x40014200 acpi0 acpi0 9626 43677 0 0 3 0x14200 bored softnet 52382 47535 0 0 3 0x14200 bored systqmp 59437 126674 0 0 3 0x14200 bored systq 61127 246628 0 0 3 0x40014200 bored softclock 81804 393749 0 0 3 0x40014200 idle0 41448 218613 0 0 3 0x14200 bored smr 1 344440 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9468 6394K 7623K 78643K 10922 0 pcb 13 8K 8K 78643K 19 0 rtable 87 4K 5K 78643K 239 0 ifaddr 46 10K 11K 78643K 61 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 15 0 iov 0 0K 12K 78643K 12 0 mount 1 1K 1K 78643K 
1 0 vnodes 1224 77K 77K 78643K 1330 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 9 1K 1K 78643K 10 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 93 0 sigio 0 0K 0K 78643K 6 0 proc 48 38K 54K 78643K 359 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 25 1K 2K 78643K 44 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 103 21K 22K 78643K 1051 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 5 0 NDP 8 0K 0K 78643K 13 0 temp 77 3001K 3065K 78643K 3444 0 kqueue 3 4K 8K 78643K 7 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 3 1 0 1 1 0 8 0 rtpcb 80 21 0 19 1 0 1 1 0 8 0 rtentry 112 52 0 20 2 0 2 2 0 8 0 unpcb 120 84 0 75 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpqe 32 109 0 109 1 0 1 1 0 8 1 tcpcb 544 36 0 28 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 2 0 2 1 0 1 1 0 8 1 inpcb 280 104 0 93 2 0 2 2 0 8 1 nd6 48 5 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 ppxss 1128 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 244 0 84 14 0 14 14 0 8 2 art_table 32 245 0 84 2 0 2 2 0 8 0 art_node 16 51 0 21 1 0 1 1 0 8 0 semupl 112 4 0 4 1 0 1 1 0 8 1 semapl 112 8 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1516 0 115 46 0 46 46 0 8 0 ffsino 240 1516 0 115 83 0 83 83 0 8 0 nchpl 144 1848 0 234 61 0 61 61 0 8 0 uvmvnodes 72 1657 0 0 31 0 31 31 0 8 0 vnodes 208 1657 0 0 88 0 88 88 0 8 0 namei 1024 4615 0 4615 1 0 1 1 0 8 1 scxspl 192 5194 0 5192 1 0 1 1 0 8 0 plimitpl 152 20 0 13 
1 0 1 1 0 8 0 sigapl 432 264 0 250 2 0 2 2 0 8 0 futexpl 56 1665 0 1665 1 0 1 1 0 8 1 knotepl 112 57 0 38 1 0 1 1 0 8 0 kqueuepl 104 12 0 10 1 0 1 1 0 8 0 pipelkpl 16 76 0 66 1 0 1 1 0 8 0 pipepl 120 152 0 133 1 0 1 1 0 8 0 fdescpl 432 265 0 250 2 0 2 2 0 8 0 filepl 120 1542 0 1441 4 0 4 4 0 8 0 lockfpl 104 17 0 16 1 0 1 1 0 8 0 lockfspl 48 7 0 6 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 114 0 106 1 0 1 1 0 8 0 zombiepl 144 250 0 250 1 0 1 1 0 8 1 processpl 864 280 0 250 4 0 4 4 0 8 0 procpl 632 372 0 333 4 0 4 4 0 8 0 sosppl 128 8 0 8 1 0 1 1 0 8 1 sockpl 384 211 0 189 4 0 4 4 0 8 1 mcl64k 65536 9 0 8 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 4 0 4 1 0 1 1 0 8 1 mcl4k 4096 18 0 18 2 1 1 1 0 8 1 mcl2k 2048 63066 0 63031 15 2 13 13 0 8 8 mtagpl 80 6 0 2 2 1 1 1 0 8 0 mbufpl 256 100155 0 100073 12 2 10 10 0 8 0 bufpl 280 7327 0 1326 429 0 429 429 0 8 0 anonpl 16 42707 0 28207 72 1 71 71 0 107 12 amapchunkpl 152 1145 0 1012 7 0 7 7 0 158 1 amappl16 192 1350 0 555 49 3 46 49 0 8 6 amappl15 184 51 0 47 1 0 1 1 0 8 0 amappl14 176 33 0 30 1 0 1 1 0 8 0 amappl12 160 35 0 31 1 0 1 1 0 8 0 amappl11 152 46 0 35 1 0 1 1 0 8 0 amappl10 144 14 0 10 1 0 1 1 0 8 0 amappl9 136 592 0 587 1 0 1 1 0 8 0 amappl8 128 130 0 111 1 0 1 1 0 8 0 amappl7 120 90 0 79 1 0 1 1 0 8 0 amappl6 112 53 0 49 1 0 1 1 0 8 0 amappl5 104 161 0 150 1 0 1 1 0 8 0 amappl4 96 447 0 420 1 0 1 1 0 8 0 amappl3 88 146 0 136 1 0 1 1 0 8 0 amappl2 80 1337 0 1259 3 1 2 3 0 8 0 amappl1 72 14612 0 14173 27 14 13 20 0 8 4 amappl 80 590 0 547 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 265 0 250 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 265 0 250 1 0 1 1 0 8 0 vmmpekpl 168 5928 0 5906 2 0 2 2 0 8 0 vmmpepl 168 
39625 0 37638 110 7 103 103 0 357 16 vmsppl 272 264 0 250 2 0 2 2 0 8 1 pdppl 4096 536 0 500 6 0 6 6 0 8 1 pvpl 32 139797 0 122237 171 0 171 171 0 265 29 pmappl 200 264 0 250 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 145 0 7 4 0 4 4 0 8 0