panic: m_copydata: null mbuf Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 286114 5653 0 0 0x4000000 1 syz-executor.0 *439894 8057 0 0x14000 0x200 0 softnet db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 m_copydata(fffffd8061ea2900,6f8,8,fffffd80690a9220) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline] m_copydata(fffffd8061ea2900,6f8,8,fffffd80690a9220) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722 ip6_pullexthdr(fffffd8061ea2900,6f8,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1149 ip6_savecontrol(fffffd806f6d1118,fffffd8061ea2900,ffff800020a36e40) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1036 rip6_input(ffff800020a37098,ffff800020a370a4,0,18) at rip6_input+0x50b sys/netinet6/raw_ip6.c:206 ip_deliver(ffff800020a37098,ffff800020a370a4,0,18) at ip_deliver+0x353 sys/netinet/ip_input.c:665 ip6_input_if(ffff800020a37098,ffff800020a370a4,29,0,ffff80000066d000) at ip6_input_if+0x17cb ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800020a37098,ffff800020a370a4,29,0,ffff80000066d000) at ip6_input_if+0x17cb sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000066d000,fffffd8065fb1900) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000066d000,fffffd8065fb1900,18) at if_input_local+0x121 sys/net/if.c:783 loinput(ffff80000066d000,fffffd8065fb1900,0) at loinput+0x4f sys/net/if_loop.c:235 if_input_process(ffff80000066d000,ffff800020a37208) at if_input_process+0xfb if_ih_input sys/net/if.c:912 [inline] if_input_process(ffff80000066d000,ffff800020a37208) at if_input_process+0xfb sys/net/if.c:946 ifiq_process(ffff80000066d3f0) at ifiq_process+0x80 sys/net/ifq.c:607 taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:368 end trace frame: 0x0, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic m_copydata: null mbuf ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 m_copydata(fffffd8061ea2900,6f8,8,fffffd80690a9220) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline] m_copydata(fffffd8061ea2900,6f8,8,fffffd80690a9220) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722 ip6_pullexthdr(fffffd8061ea2900,6f8,0) at ip6_pullexthdr+0x16f sys/netinet6/ip6_input.c:1149 ip6_savecontrol(fffffd806f6d1118,fffffd8061ea2900,ffff800020a36e40) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1036 rip6_input(ffff800020a37098,ffff800020a370a4,0,18) at rip6_input+0x50b sys/netinet6/raw_ip6.c:206 ip_deliver(ffff800020a37098,ffff800020a370a4,0,18) at ip_deliver+0x353 sys/netinet/ip_input.c:665 ip6_input_if(ffff800020a37098,ffff800020a370a4,29,0,ffff80000066d000) at ip6_input_if+0x17cb ip6_ours sys/netinet6/ip6_input.c:518 [inline] ip6_input_if(ffff800020a37098,ffff800020a370a4,29,0,ffff80000066d000) at ip6_input_if+0x17cb sys/netinet6/ip6_input.c:340 ipv6_input(ffff80000066d000,fffffd8065fb1900) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 if_input_local(ffff80000066d000,fffffd8065fb1900,18) at if_input_local+0x121 sys/net/if.c:783 loinput(ffff80000066d000,fffffd8065fb1900,0) at loinput+0x4f sys/net/if_loop.c:235 if_input_process(ffff80000066d000,ffff800020a37208) at if_input_process+0xfb if_ih_input sys/net/if.c:912 [inline] if_input_process(ffff80000066d000,ffff800020a37208) at if_input_process+0xfb sys/net/if.c:946 ifiq_process(ffff80000066d3f0) at ifiq_process+0x80 sys/net/ifq.c:607 taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:368 end trace frame: 0x0, count: -14 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020a36bb0 rbx 0xffff800020a36c60 rdx 0xffff800020a10278 rcx 0 rax 0 r8 0xffffffff81879bcf kprintf+0x16f r9 0x1 r10 0x25 r11 0x40c2b7b835e1ac1 r12 0x3000000008 r13 
0xffff800020a36bc0 r14 0x100 r15 0x1 rip 0xffffffff81db2358 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020a36ba0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (softnet) pid=439894 stat=onproc flags process=14000 proc=200 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020a10000,0xffff800020a10ee0 process=0xffff800020a12000 user=0xffff800020a32000, vmspace=0xffffffff82641920 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 14965 396456 54695 0 2 0 syz-executor.1 14965 252127 54695 0 2 0x4000000 syz-executor.1 5653 206399 33596 0 2 0 syz-executor.0 5653 196478 33596 0 3 0x4000000 netlock syz-executor.0 5653 286114 33596 0 7 0x4000000 syz-executor.0 33596 92517 8029 0 3 0x82 nanosleep syz-executor.0 54695 43697 8029 0 3 0x82 nanosleep syz-executor.1 19299 48406 1 0 3 0x100083 ttyopn getty 28207 234465 0 0 3 0x14200 bored sosplice 8029 155744 29363 0 3 0x82 thrsleep syz-fuzzer 8029 281445 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 350795 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 496943 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 396539 29363 0 3 0x4000082 kqread syz-fuzzer 8029 310217 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 164246 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 346991 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 223677 29363 0 3 0x4000082 thrsleep syz-fuzzer 8029 199546 29363 0 3 0x4000082 thrsleep syz-fuzzer 29363 424449 68128 0 3 0x10008a pause ksh 68128 499690 86569 0 3 0x92 select sshd 86569 480905 1 0 3 0x80 select sshd 89016 520778 53292 74 3 0x100092 bpf pflogd 53292 82039 1 0 3 0x80 netio pflogd 41021 57293 63521 73 3 0x100090 kqread syslogd 63521 204867 1 0 3 0x100082 netio syslogd 11648 202060 1 77 3 0x100090 poll dhclient 53239 70734 1 0 3 0x80 poll dhclient 64677 135019 0 0 2 0x14200 zerothread 69605 26593 0 0 3 0x14200 aiodoned aiodoned 10247 237701 0 0 3 0x14200 syncer update 87747 341243 0 0 3 0x14200 cleaner cleaner 79695 329877 0 0 3 
0x14200 reaper reaper 76350 3514 0 0 3 0x14200 pgdaemon pagedaemon 26011 414741 0 0 3 0x14200 bored crynlk 76294 453269 0 0 3 0x14200 bored crypto 81250 195215 0 0 3 0x40014200 acpi0 acpi0 58856 184483 0 0 3 0x40014200 idle1 * 8057 439894 0 0 7 0x14200 softnet 82950 343039 0 0 3 0x14200 bored systqmp 29054 108401 0 0 3 0x14200 bored systq 43839 58620 0 0 3 0x40014200 bored softclock 4492 517103 0 0 3 0x40014200 idle0 99327 445079 0 0 3 0x14200 bored smr 1 149554 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 5653 (syz-executor.0) thread 0xffff800020ab1b40 (206399) shared rwlock vmmaplk r = 0 (0xfffffd807f00a468) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1448 #2 uvm_fault+0xd85 sys/uvm/uvm_fault.c:524 #3 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199 #4 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369 #5 recall_trap+0x8 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82645558) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 pageflttrap+0x6f sys/arch/amd64/amd64/trap.c:162 #2 usertrap+0x21a sys/arch/amd64/amd64/trap.c:369 #3 recall_trap+0x8 Process 8057 (softnet) thread 0xffff800020a10278 (439894) shared rwlock netlock r = 0 (0xffffffff824fd158) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 if_input_process+0x84 sys/net/if.c:944 #2 ifiq_process+0x80 sys/net/ifq.c:607 #3 taskq_thread+0x9c sys/kern/kern_task.c:368 #4 proc_trampoline+0x1c shared rwlock softnet r = 0 (0xffff8000000230e0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 taskq_thread+0x8f sys/kern/kern_task.c:367 #2 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9619 7100K 8889K 78643K 53709 0 0 pcb 17 10K 12K 78643K 2125 0 0 rtable 185 17K 18K 78643K 9169 0 0 ifaddr 237 60K 61K 78643K 2334 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1937 0 0 iov 0 0K 24K 78643K 1630 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1240 78K 
78K 78643K 14426 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 249 0 0 VM map 51 25K 25K 78643K 70 0 0 sem 12 0K 1K 78643K 1988 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 11420 0 0 sigio 0 0K 0K 78643K 1449 0 0 proc 62 63K 95K 78643K 2782 0 0 subproc 32 2K 2K 78643K 731 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 1K 78643K 1390 0 0 in_multi 48 3K 3K 78643K 3552 0 0 ether_multi 1 0K 0K 78643K 63 0 0 mrt 0 0K 0K 78643K 31 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 102 450K 450K 78643K 102 0 0 exec 0 0K 1K 78643K 1389 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 229 442K 442K 78643K 37369 0 0 UVM aobj 130 5K 5K 78643K 138 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 2K 78643K 1945 0 0 NDP 24 0K 1K 78643K 984 0 0 temp 209 3565K 4205K 78643K 216824 0 0 kqueue 0 0K 0K 78643K 47 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 120 0 114 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 1279 0 1277 1 0 1 1 0 8 0 rtentry 112 2539 0 2465 5 2 3 3 0 8 0 unpcb 120 13542 0 13523 15 14 1 2 0 8 0 syncache 264 30 0 30 15 15 0 1 0 8 0 tcpqe 32 81 0 81 6 6 0 1 0 8 0 tcpcb 544 3676 0 3667 32 31 1 11 0 8 0 inpcb 280 29985 0 29971 59 56 3 9 0 8 2 rttmr 72 8 0 8 6 6 0 1 0 8 0 ip6q 72 12 0 12 6 6 0 1 0 8 0 ip6af 40 22 0 22 5 5 0 1 0 8 0 nd6 48 562 0 558 3 2 1 1 0 8 0 pkpcb 40 31 0 31 13 13 0 1 0 8 0 swfcl 56 5 0 0 1 0 1 1 0 8 0 ppxss 1128 179 0 179 30 29 1 1 0 8 1 pffrag 232 654 0 654 40 40 0 16 0 482 0 pffrnode 88 307 0 307 25 25 0 1 0 8 0 pffrent 40 11810 0 11810 28 28 0 4 0 8 0 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfstitem 24 1798 0 1756 3 1 2 2 0 8 
0 pfstkey 112 1801 0 1759 16 12 4 10 0 8 0 pfstate 328 1801 0 1756 52 46 6 27 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 12 0 8 10 6 4 6 0 8 0 art_heap4 256 14288 0 14009 42 24 18 20 0 8 0 art_table 32 14300 0 14017 3 0 3 3 0 8 0 art_node 16 2534 0 2482 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 9 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1986 0 1976 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 18307 0 16873 47 0 47 47 0 8 0 ffsino 272 18307 0 16873 96 0 96 96 0 8 0 nchpl 144 36301 0 35842 61 41 20 61 0 8 0 uvmvnodes 72 6779 0 0 124 0 124 124 0 8 0 vnodes 208 6779 0 0 357 0 357 357 0 8 0 namei 1024 117374 0 117374 5 4 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 49 0 0 7 0 7 7 0 8 0 vmpool 552 68 0 19 4 0 4 4 0 8 0 scsiplug 64 8 0 8 4 4 0 1 0 8 0 scxspl 192 105455 0 105455 54 53 1 7 0 8 1 plimitpl 152 468 0 460 1 0 1 1 0 8 0 sigapl 432 11501 0 11485 3 1 2 3 0 8 0 futexpl 56 245634 0 245634 2 1 1 1 0 8 1 knotepl 112 1640 0 1621 6 5 1 3 0 8 0 kqueuepl 104 2430 0 2428 4 3 1 4 0 8 0 pipepl 112 8078 0 8059 18 17 1 2 0 8 0 fdescpl 488 11502 0 11485 3 0 3 3 0 8 0 filepl 152 107015 0 106910 69 64 5 14 0 8 0 lockfpl 104 2852 0 2851 1 0 1 1 0 8 0 lockfspl 48 916 0 915 1 0 1 1 0 8 0 sessionpl 112 65 0 54 1 0 1 1 0 8 0 pgrppl 48 181 0 170 1 0 1 1 0 8 0 ucredpl 96 9821 0 9810 1 0 1 1 0 8 0 zombiepl 144 11490 0 11490 3 2 1 1 0 8 1 processpl 896 11523 0 11490 4 0 4 4 0 8 0 procpl 632 34387 0 34342 20 15 5 5 0 8 0 srpgc 64 76 0 76 23 23 0 1 0 8 0 sosppl 128 228 0 228 23 23 0 1 0 8 0 sockpl 384 46171 0 46133 109 103 6 15 0 8 1 mcl64k 65536 495 0 0 41 9 32 35 0 8 0 mcl16k 16384 41 0 0 5 3 2 3 0 8 0 mcl12k 12288 49 0 0 2 0 2 2 0 8 0 mcl9k 9216 32 0 0 2 0 2 2 0 8 0 mcl8k 8192 19 0 0 3 0 3 3 0 8 0 mcl4k 4096 33 0 0 3 0 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 396 0 0 24 13 11 20 0 8 0 mtagpl 80 69 0 0 1 0 1 1 0 8 0 mbufpl 256 1668 0 0 63 1 62 62 0 8 0 bufpl 256 38285 0 31227 442 0 442 442 0 8 0 anonpl 
16 1093282 0 1070177 251 145 106 118 0 124 0 amapchunkpl 152 72145 0 71731 130 113 17 24 0 158 0 amappl16 192 55526 0 54267 235 171 64 74 0 8 0 amappl15 184 527 0 527 5 5 0 1 0 8 0 amappl14 176 2123 0 2116 1 0 1 1 0 8 0 amappl13 168 3441 0 3441 6 6 0 1 0 8 0 amappl12 160 174 0 172 1 0 1 1 0 8 0 amappl11 152 1114 0 1098 1 0 1 1 0 8 0 amappl10 144 648 0 643 1 0 1 1 0 8 0 amappl9 136 3702 0 3698 1 0 1 1 0 8 0 amappl8 128 3360 0 3282 3 0 3 3 0 8 0 amappl7 120 853 0 843 1 0 1 1 0 8 0 amappl6 112 1020 0 1003 1 0 1 1 0 8 0 amappl5 104 710 0 695 1 0 1 1 0 8 0 amappl4 96 12007 0 11974 1 0 1 1 0 8 0 amappl3 88 2730 0 2719 1 0 1 1 0 8 0 amappl2 80 90320 0 90229 3 1 2 3 0 8 0 amappl1 72 249204 0 248743 25 15 10 20 0 8 0 amappl 80 35422 0 35343 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 137 0 8 3 0 3 3 0 8 0 uaddrrnd 24 11570 0 11485 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 11570 0 11485 1 0 1 1 0 8 0 vmmpekpl 168 87439 0 87393 5 2 3 3 0 8 0 vmmpepl 168 1410162 0 1407441 655 495 160 160 0 357 36 vmsppl 368 11501 0 11485 2 0 2 2 0 8 0 pdppl 4096 23147 0 23057 16 4 12 12 0 8 0 pvpl 32 3174801 0 3154447 554 358 196 227 0 265 0 pmappl 232 11569 0 11504 6 2 4 4 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 791 0 98 21 1 20 21 0 8 0