panic: m_copydata: null mbuf
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*243466 39208 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224f586) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd806bc21e00,30,8,fffffd806bc21920) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd806bc21e00,30,8,fffffd806bc21920) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
ip6_pullexthdr(fffffd806bc21e00,30,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1169
ip6_savecontrol(fffffd805e568af0,fffffd806bc21e00,ffff800020435940) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1056
rip6_input(ffff800020435b98,ffff800020435ba4,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225
ip_deliver(ffff800020435b98,ffff800020435ba4,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip6_input_if(ffff800020435b98,ffff800020435ba4,29,0,ffff80000017a2a8) at ip6_input_if+0xf26
ipv6_input(ffff80000017a2a8,fffffd806bc21e00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000017a2a8,fffffd806bc21e00,18) at if_input_local+0x121 sys/net/if.c:780
ip6_output(fffffd806bc21400,ffff800000a07d00,fffffd805e568070,0,0,fffffd805e568000) at ip6_output+0xd02
rip6_output(fffffd806bc21400,fffffd8054b0e010,ffff800020435f00,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd8054b0e010,9,fffffd806bc21400,0,0,ffff80001d3a8600) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670
sosend(fffffd8054b0e010,0,ffff800020436148,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
end trace frame: 0xffff800020436130, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
m_copydata: null mbuf
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224f586) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd806bc21e00,30,8,fffffd806bc21920) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd806bc21e00,30,8,fffffd806bc21920) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
ip6_pullexthdr(fffffd806bc21e00,30,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1169
ip6_savecontrol(fffffd805e568af0,fffffd806bc21e00,ffff800020435940) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1056
rip6_input(ffff800020435b98,ffff800020435ba4,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225
ip_deliver(ffff800020435b98,ffff800020435ba4,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip6_input_if(ffff800020435b98,ffff800020435ba4,29,0,ffff80000017a2a8) at ip6_input_if+0xf26
ipv6_input(ffff80000017a2a8,fffffd806bc21e00) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000017a2a8,fffffd806bc21e00,18) at if_input_local+0x121 sys/net/if.c:780
ip6_output(fffffd806bc21400,ffff800000a07d00,fffffd805e568070,0,0,fffffd805e568000) at ip6_output+0xd02
rip6_output(fffffd806bc21400,fffffd8054b0e010,ffff800020435f00,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd8054b0e010,9,fffffd806bc21400,0,0,ffff80001d3a8600) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670
sosend(fffffd8054b0e010,0,ffff800020436148,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
dofilewritev(ffff80001d3a8600,6,ffff800020436148,0,ffff800020436230) at dofilewritev+0x1ab sys/kern/sys_generic.c:365
sys_write(ffff80001d3a8600,ffff8000204361e8,ffff800020436230) at sys_write+0x83 sys/kern/sys_generic.c:285
syscall(ffff8000204362b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xca500f918d0, count: -18
ddb> show registers
rdi 0xffffffff8140c367
db_enter+0x17 rsi 0x100a __ALIGN_SIZE+0xa rbp 0xffff8000204356b0 rbx 0xffff800020435760 rdx 0x100b __ALIGN_SIZE+0xb rcx 0xffff80001e431000 rax 0xffff80001e431000 r8 0xffff800020435670 r9 0x1 r10 0xffff800000a94980 r11 0xbcd36515808fefe0 r12 0x3000000008 r13 0xffff8000204356c0 r14 0x100 r15 0x1 rip 0xffffffff8140c368 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000204356a0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=243466 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80001d3a7c40,0xffffffff825aad40 process=0xffff8000ffff9940 user=0xffff800020431000, vmspace=0xfffffd805eb5dbc0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 39208 123643 67279 0 2 0 syz-executor.1 *39208 243466 67279 0 7 0x4000000 syz-executor.1 67279 477354 50192 0 3 0x82 nanosleep syz-executor.1 60252 106615 0 0 3 0x14200 acct acct 41810 291732 0 0 3 0x14200 bored sosplice 73270 71706 50192 0 2 0x2 syz-executor.0 50192 117545 70601 0 3 0x82 thrsleep syz-fuzzer 50192 401474 70601 0 3 0x4000082 nanosleep syz-fuzzer 50192 173083 70601 0 3 0x4000082 thrsleep syz-fuzzer 50192 297389 70601 0 3 0x4000082 thrsleep syz-fuzzer 50192 154185 70601 0 3 0x4000082 thrsleep syz-fuzzer 50192 308768 70601 0 3 0x4000082 kqread syz-fuzzer 50192 104460 70601 0 3 0x4000082 thrsleep syz-fuzzer 70601 38677 11653 0 3 0x10008a pause ksh 11653 65128 54963 0 3 0x92 select sshd 89331 463837 1 0 3 0x100083 ttyin getty 54963 133506 1 0 3 0x80 select sshd 49810 303289 17873 73 3 0x100090 kqread syslogd 17873 415427 1 0 3 0x100082 netio syslogd 97994 388261 1 77 3 0x100090 poll dhclient 50295 207993 1 0 3 0x80 poll dhclient 16006 384887 0 0 3 0x14200 bored smr 96378 337693 0 0 2 0x14200 zerothread 43816 237829 0 0 3 0x14200 aiodoned aiodoned 95737 401733 0 0 3 0x14200 syncer update 44637 475152 0 0 3 0x14200 cleaner cleaner 36109 177898 0 0 3 0x14200 reaper reaper 80849 506411 0 0 3 
0x14200 pgdaemon pagedaemon 69090 386420 0 0 3 0x14200 bored crynlk 40314 237897 0 0 3 0x14200 bored crypto 79676 387031 0 0 3 0x40014200 acpi0 acpi0 83771 239069 0 0 3 0x14200 bored softnet 29819 390806 0 0 3 0x14200 bored systqmp 56631 129651 0 0 3 0x14200 bored systq 93098 423005 0 0 3 0x40014200 bored softclock 18065 163502 0 0 3 0x40014200 idle0 1 113963 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9496 6348K 6844K 78643K 11109 0 pcb 16 8K 8K 78643K 94 0 rtable 110 3K 3K 78643K 278 0 ifaddr 71 15K 15K 78643K 96 0 counters 21 16K 16K 78643K 24 0 ioctlops 0 0K 2K 78643K 40 0 iov 0 0K 12K 78643K 40 0 mount 1 1K 1K 78643K 1 0 vnodes 1225 77K 77K 78643K 1577 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 9 0 VM map 2 0K 0K 78643K 2 0 sem 11 1K 1K 78643K 17 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 449 0 sigio 2 0K 0K 78643K 30 0 proc 52 38K 55K 78643K 432 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 1 0K 0K 78643K 135 0 in_multi 73 4K 4K 78643K 117 0 ether_multi 2 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 243 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 95 53K 53K 78643K 1853 0 UVM aobj 15 2K 2K 78643K 18 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 2 0K 0K 78643K 84 0 NDP 10 0K 0K 78643K 19 0 temp 100 3032K 3096K 78643K 20356 0 kqueue 3 4K 8K 78643K 8 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 35 0 33 1 0 1 1 0 8 0 rtentry 112 57 0 12 2 0 2 2 0 8 0 unpcb 120 259 0 251 1 0 1 1 0 8 0 
syncache 264 6 0 6 2 2 0 1 0 8 0 tcpqe 32 28 0 28 1 1 0 1 0 8 0 tcpcb 544 322 0 316 1 0 1 1 0 8 0 ipq 40 3 0 3 1 1 0 1 0 8 0 ipqe 40 7 0 7 1 1 0 1 0 8 0 inpcb 280 835 0 824 2 0 2 2 0 8 1 nd6 48 9 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 238 0 44 13 0 13 13 0 8 0 art_table 32 240 0 44 2 0 2 2 0 8 0 art_node 16 56 0 15 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 12 2 1 1 1 0 8 1 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 10 0 1 1 0 1 1 0 8 0 shmpl 112 16 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2225 0 824 46 0 46 46 0 8 0 ffsino 240 2225 0 824 83 0 83 83 0 8 0 nchpl 144 3030 0 1433 60 0 60 60 0 8 0 uvmvnodes 72 2441 0 0 45 0 45 45 0 8 0 vnodes 208 2441 0 0 129 0 129 129 0 8 0 namei 1024 7984 0 7984 1 0 1 1 0 8 1 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 528 4 0 1 1 0 1 1 0 8 0 scxspl 192 8787 0 8787 1 0 1 1 0 8 1 plimitpl 152 52 0 45 1 0 1 1 0 8 0 sigapl 424 634 0 604 4 0 4 4 0 8 0 futexpl 56 7810 0 7810 1 0 1 1 0 8 1 knotepl 112 72 0 53 1 0 1 1 0 8 0 kqueuepl 144 36 0 34 1 0 1 1 0 8 0 pipelkpl 16 159 0 149 1 0 1 1 0 8 0 pipepl 120 318 0 299 1 0 1 1 0 8 0 fdescpl 432 618 0 604 2 0 2 2 0 8 0 filepl 120 3874 0 3775 4 0 4 4 0 8 1 lockfpl 104 72 0 71 1 0 1 1 0 8 0 lockfspl 48 27 0 26 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 26 0 16 1 0 1 1 0 8 0 ucredpl 96 341 0 334 1 0 1 1 0 8 0 zombiepl 144 604 0 604 1 0 1 1 0 8 1 processpl 920 634 0 604 4 0 4 4 0 8 0 procpl 624 1104 0 1067 4 0 4 4 0 8 1 sosppl 128 9 0 9 1 1 0 1 0 8 0 sockpl 400 1130 0 1109 4 0 4 4 0 8 1 mcl64k 65536 247 0 247 29 21 8 29 0 8 8 mcl16k 16384 7 0 7 2 2 0 1 0 8 0 mcl12k 12288 5 0 5 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 1 0 1 0 8 0 mcl8k 8192 6 0 6 1 0 1 1 0 8 1 mcl4k 4096 18 0 18 3 2 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 60432 0 60384 18 11 7 15 0 8 0 mtagpl 80 28 0 8 2 1 1 1 0 8 0 mbufpl 256 98342 0 98203 23 6 17 22 0 8 8 bufpl 280 4946 0 161 342 0 342 342 0 8 0 anonpl 16 70719 0 57037 73 1 72 72 0 107 14 amapchunkpl 
152 2752 0 2618 14 1 13 13 0 158 6 amappl16 192 2969 0 2174 52 0 52 52 0 8 12 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 1 0 1 1 1 0 1 0 8 0 amappl13 168 30 0 28 1 0 1 1 0 8 0 amappl12 160 80 0 79 1 0 1 1 0 8 0 amappl11 152 387 0 372 1 0 1 1 0 8 0 amappl10 144 14 0 10 1 0 1 1 0 8 0 amappl9 136 376 0 373 1 0 1 1 0 8 0 amappl8 128 280 0 269 1 0 1 1 0 8 0 amappl7 120 115 0 102 1 0 1 1 0 8 0 amappl6 112 349 0 343 1 0 1 1 0 8 0 amappl5 104 231 0 220 1 0 1 1 0 8 0 amappl4 96 777 0 750 1 0 1 1 0 8 0 amappl3 88 119 0 114 1 0 1 1 0 8 0 amappl2 80 4153 0 4088 3 1 2 3 0 8 0 amappl1 72 20732 0 20312 23 13 10 20 0 8 0 amappl 80 1370 0 1327 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 17 0 3 1 0 1 1 0 8 0 uaddrrnd 24 622 0 605 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 622 0 605 1 0 1 1 0 8 0 vmmpekpl 168 7528 0 7502 2 0 2 2 0 8 0 vmmpepl 168 79150 0 77288 126 15 111 124 0 357 27 vmsppl 272 621 0 605 3 1 2 2 0 8 0 pdppl 4096 1250 0 1213 7 1 6 6 0 8 1 pvpl 32 211504 0 195101 168 0 168 168 0 265 29 pmappl 200 621 0 605 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 199 0 46 6 0 6 6 0 8 0