panic: m_copydata: null mbuf Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 15314 98484 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff822235cc) at panic+0x15c sys/kern/subr_prf.c:207 m_copydata(fffffd8059c4ff00,80,8,fffffd8056e14620) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline] m_copydata(fffffd8059c4ff00,80,8,fffffd8056e14620) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722 ip6_pullexthdr(fffffd8059c4ff00,80,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1175 ip6_savecontrol(fffffd8067a7d8c0,fffffd8059c4ff00,ffff80001f470ec0) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1062 rip6_input(ffff80001f471118,ffff80001f471124,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225 ip_deliver(ffff80001f471118,ffff80001f471124,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668 ip6_input_if(ffff80001f471118,ffff80001f471124,29,0,ffff800000677800) at ip6_input_if+0x1055 ipv6_input(ffff800000677800,fffffd8059c4ff00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff800000677800,fffffd8059c4ff00,18) at if_input_local+0x121 sys/net/if.c:781 ip6_output(fffffd8059c4f400,ffff8000009d6f00,fffffd8067a7d188,0,0,fffffd8067a7d118) at ip6_output+0xd02 rip6_output(fffffd8059c4fc00,fffffd8066071ab0,ffff80001f471480,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8066071ab0,9,fffffd8059c4fc00,0,0,ffff8000ffff3b40) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670 sosend(fffffd8066071ab0,0,ffff80001f4716c8,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:524 end trace frame: 0xffff80001f4716b0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic m_copydata: null mbuf ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff822235cc) at panic+0x15c sys/kern/subr_prf.c:207 m_copydata(fffffd8059c4ff00,80,8,fffffd8056e14620) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline] m_copydata(fffffd8059c4ff00,80,8,fffffd8056e14620) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722 ip6_pullexthdr(fffffd8059c4ff00,80,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1175 ip6_savecontrol(fffffd8067a7d8c0,fffffd8059c4ff00,ffff80001f470ec0) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1062 rip6_input(ffff80001f471118,ffff80001f471124,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225 ip_deliver(ffff80001f471118,ffff80001f471124,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668 ip6_input_if(ffff80001f471118,ffff80001f471124,29,0,ffff800000677800) at ip6_input_if+0x1055 ipv6_input(ffff800000677800,fffffd8059c4ff00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff800000677800,fffffd8059c4ff00,18) at if_input_local+0x121 sys/net/if.c:781 ip6_output(fffffd8059c4f400,ffff8000009d6f00,fffffd8067a7d188,0,0,fffffd8067a7d118) at ip6_output+0xd02 rip6_output(fffffd8059c4fc00,fffffd8066071ab0,ffff80001f471480,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481 rip6_usrreq(fffffd8066071ab0,9,fffffd8059c4fc00,0,0,ffff8000ffff3b40) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670 sosend(fffffd8066071ab0,0,ffff80001f4716c8,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff3b40,4,ffff80001f4716c8,0,ffff80001f4717b0) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff3b40,ffff80001f471768,ffff80001f4717b0) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff80001f471830) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c61475a920, count: -18 ddb> show registers rdi 0xffffffff81dd27d7 db_enter+0x17 rsi 0x15db __ALIGN_SIZE+0x5db rbp 0xffff80001f470c30 rbx 0xffff80001f470ce0 rdx 0x15dc __ALIGN_SIZE+0x5dc rcx 0xffff80001f64b000 rax 0xffff80001f64b000 r8 0xffff80001f470bf0 r9 0x1 r10 0xffff8000009f9000 r11 0x28c0dc1f0ea12f3f r12 0x3000000008 r13 0xffff80001f470c40 r14 0x100 r15 0x1 rip 0xffffffff81dd27d8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001f470c20 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=15314 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2508,0xffff8000ffff33e8 process=0xffff8000ffff77e8 user=0xffff80001f46c000, vmspace=0xfffffd806a183560 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 98484 266841 39976 0 2 0 syz-executor.1 *98484 15314 39976 0 7 0x4000000 syz-executor.1 48927 205935 98158 0 3 0x80 nanosleep syz-executor.0 48927 224491 98158 0 3 0x4000080 fsleep syz-executor.0 48927 312489 98158 0 3 0x4000080 fsleep syz-executor.0 98158 222725 32349 0 3 0x82 nanosleep syz-executor.0 46378 168440 0 0 3 0x14200 bored sosplice 39976 388345 32349 0 3 0x82 nanosleep syz-executor.1 32349 359856 91063 0 3 0x82 thrsleep syz-fuzzer 32349 167778 91063 0 3 0x4000082 thrsleep syz-fuzzer 32349 149586 91063 0 3 0x4000082 kqread syz-fuzzer 32349 426365 91063 0 3 0x4000082 thrsleep syz-fuzzer 32349 86515 91063 0 3 0x4000082 thrsleep syz-fuzzer 32349 443426 91063 0 3 0x4000082 thrsleep syz-fuzzer 32349 17093 91063 0 3 0x4000082 thrsleep syz-fuzzer 32349 71895 91063 0 3 0x4000082 thrsleep syz-fuzzer 91063 314896 32372 0 3 0x10008a pause ksh 32372 466246 97750 0 3 0x92 select sshd 19031 186828 1 0 3 0x100083 ttyin getty 97750 214339 1 0 3 0x80 select sshd 80525 522127 9259 73 3 0x100090 kqread syslogd 9259 497461 1 0 3 0x100082 netio syslogd 12243 266249 1 77 3 0x100090 poll dhclient 22771 294353 1 0 3 0x80 poll dhclient 98427 372677 0 0 2 0x14200 zerothread 50236 396163 0 0 3 0x14200 aiodoned aiodoned 47931 208044 0 0 3 0x14200 syncer update 29996 236535 0 0 3 0x14200 cleaner cleaner 34263 106497 0 0 3 0x14200 reaper reaper 88223 435169 0 0 3 0x14200 pgdaemon pagedaemon 60286 153525 0 0 3 0x14200 bored crynlk 18624 93633 0 0 3 0x14200 bored crypto 86204 17886 0 0 3 0x40014200 acpi0 acpi0 41352 87321 0 0 3 0x14200 bored softnet 85759 143027 0 0 3 0x14200 bored systqmp 68454 492227 0 0 3 0x14200 bored systq 40470 396908 0 0 3 0x40014200 bored softclock 77044 297786 0 0 3 0x40014200 idle0 60272 172073 0 0 3 0x14200 bored smr 1 362778 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9516 6364K 7139K 78643K 11808 0 pcb 16 8K 8K 78643K 147 0 rtable 98 3K 4K 78643K 408 0 ifaddr 82 16K 17K 78643K 183 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 52 0 iov 0 0K 16K 78643K 132 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 1641 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 7 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 162 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 530 0 sigio 1 0K 0K 78643K 49 0 proc 48 38K 54K 78643K 441 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 48 0 in_multi 60 2K 3K 78643K 92 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 85 387K 387K 78643K 85 0 exec 0 0K 1K 78643K 251 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 124 30K 31K 78643K 2182 0 UVM aobj 64 2K 2K 78643K 68 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 4 0K 0K 78643K 153 0 NDP 13 0K 0K 78643K 34 0 temp 137 3015K 3653K 78643K 7071 0 kqueue 0 0K 0K 78643K 13 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 5 1 0 1 1 0 8 0 rtpcb 80 109 0 107 1 0 1 1 0 8 0 rtentry 112 68 0 29 2 0 2 2 0 8 0 unpcb 120 234 0 226 1 0 1 1 0 8 0 syncache 264 10 0 10 4 3 1 1 0 8 1 tcpqe 32 232 0 232 2 2 0 1 0 8 0 tcpcb 544 265 0 260 2 1 1 2 0 8 0 ipq 40 7 0 7 3 2 1 1 0 8 1 ipqe 40 145 0 145 3 2 1 1 0 8 1 inpcb 280 885 0 875 5 2 3 3 0 8 2 rttmr 72 2 0 1 1 0 1 1 0 8 0 nd6 48 6 0 4 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 ppxss 1128 9 0 9 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 307 0 110 17 1 16 17 0 8 2 art_table 32 308 0 110 3 0 3 3 0 8 1 art_node 16 66 0 30 1 0 1 1 0 8 0 sysvmsgpl 40 39 0 20 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 160 0 150 1 0 1 1 0 8 0 shmpl 112 66 0 4 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2198 0 799 46 0 46 46 0 8 0 ffsino 240 2198 0 799 83 0 83 83 0 8 0 nchpl 144 3265 0 2814 61 33 28 61 0 8 8 uvmvnodes 72 2524 0 0 46 0 46 46 0 8 0 vnodes 208 2524 0 0 133 0 133 133 0 8 0 namei 1024 11483 0 11483 1 0 1 1 0 8 1 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 528 3 0 0 1 0 1 1 0 8 0 scxspl 192 9464 0 9464 1 0 1 1 0 8 1 plimitpl 152 51 0 44 1 0 1 1 0 8 0 sigapl 432 698 0 684 2 0 2 2 0 8 0 futexpl 56 16505 0 16503 1 0 1 1 0 8 0 knotepl 112 151 0 132 1 0 1 1 0 8 0 kqueuepl 104 140 0 138 1 0 1 1 0 8 0 pipepl 112 482 0 463 2 1 1 2 0 8 0 fdescpl 424 699 0 684 2 0 2 2 0 8 0 filepl 120 6982 0 6884 6 2 4 5 0 8 1 lockfpl 104 178 0 177 1 0 1 1 0 8 0 lockfspl 48 59 0 58 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 24 0 14 1 0 1 1 0 8 0 ucredpl 96 1941 0 1934 1 0 1 1 0 8 0 zombiepl 144 684 0 684 1 0 1 1 0 8 1 processpl 872 714 0 684 4 0 4 4 0 8 0 procpl 632 1373 0 1333 4 0 4 4 0 8 0 sosppl 128 17 0 17 2 1 1 1 0 8 1 sockpl 384 1247 0 1227 7 3 4 6 0 8 1 mcl64k 65536 49 0 49 1 0 1 1 0 8 1 mcl16k 16384 18 0 18 1 0 1 1 0 8 1 mcl12k 12288 19 0 19 2 1 1 1 0 8 1 mcl9k 9216 7 0 7 2 1 1 1 0 8 1 mcl8k 8192 68 0 68 1 0 1 1 0 8 1 mcl4k 4096 102 0 102 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 68911 0 68861 21 13 8 17 0 8 1 mtagpl 80 28 0 13 2 1 1 1 0 8 0 mbufpl 256 115821 0 115641 44 23 21 35 0 8 8 bufpl 280 7792 0 1608 442 0 442 442 0 8 0 anonpl 16 97334 0 79296 100 7 93 94 0 107 15 amapchunkpl 152 3704 0 3551 17 6 11 11 0 158 5 amappl16 192 4079 0 3021 72 12 60 64 0 8 7 amappl15 184 52 0 48 1 0 1 1 0 8 0 amappl14 176 33 0 29 1 0 1 1 0 8 0 amappl13 168 454 0 452 1 0 1 1 0 8 0 amappl12 160 21 0 17 1 0 1 1 0 8 0 amappl11 152 54 0 43 1 0 1 1 0 8 0 amappl10 144 43 0 38 1 0 1 1 0 8 0 amappl9 136 563 0 559 1 0 1 1 0 8 0 amappl8 128 137 0 105 2 0 2 2 0 8 0 amappl7 120 122 0 110 1 0 1 1 0 8 0 amappl6 112 57 0 51 1 0 1 1 0 8 0 amappl5 104 222 0 211 1 0 1 1 0 8 0 amappl4 96 1380 0 1351 1 0 1 1 0 8 0 amappl3 88 136 0 129 1 0 1 1 0 8 0 amappl2 80 4798 0 4722 3 1 2 3 0 8 0 amappl1 72 21756 0 21317 26 16 10 20 0 8 0 amappl 80 1650 0 1602 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 67 0 4 2 0 2 2 0 8 0 uaddrrnd 24 702 0 684 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 702 0 684 1 0 1 1 0 8 0 vmmpekpl 168 8694 0 8671 2 0 2 2 0 8 0 vmmpepl 168 90908 0 88630 162 26 136 136 0 357 36 vmsppl 272 701 0 684 3 1 2 2 0 8 0 pdppl 4096 1410 0 1371 6 1 5 6 0 8 0 pvpl 32 257670 0 236505 220 7 213 218 0 265 33 pmappl 200 701 0 684 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 188 0 43 5 0 5 5 0 8 0