login: panic: m_copydata: null mbuf
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*287934 18988 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224d5a1) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd805e10e400,30,2,ffff80001e445908) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd805e10e400,30,2,ffff80001e445908) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
ip6_pullexthdr(fffffd805e10e400,30,0) at ip6_pullexthdr+0xa2 sys/netinet6/ip6_input.c:1146
ip6_savecontrol(fffffd805c356d28,fffffd805e10e400,ffff80001e445a70) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1056
rip6_input(ffff80001e445cc8,ffff80001e445cd4,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225
ip_deliver(ffff80001e445cc8,ffff80001e445cd4,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip6_input_if(ffff80001e445cc8,ffff80001e445cd4,29,0,ffff80000017a2a8) at ip6_input_if+0xf26
ipv6_input(ffff80000017a2a8,fffffd805e10e400) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000017a2a8,fffffd805e10e400,18) at if_input_local+0x121 sys/net/if.c:780
ip6_output(fffffd805e10ef00,ffff800000a09b80,fffffd805c356a50,0,0,fffffd805c3569e0) at ip6_output+0xd02
rip6_output(fffffd805e10ef00,fffffd806b7c5970,ffff80001e446030,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd806b7c5970,9,fffffd805e10ef00,0,0,ffff80001d339008) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670
sosend(fffffd806b7c5970,0,ffff80001e446278,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
end trace frame: 0xffff80001e446260, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
m_copydata: null mbuf
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff8224d5a1) at panic+0x15c sys/kern/subr_prf.c:207
m_copydata(fffffd805e10e400,30,2,ffff80001e445908) at m_copydata+0x17e m_getptr sys/kern/uipc_mbuf.c:1031 [inline]
m_copydata(fffffd805e10e400,30,2,ffff80001e445908) at m_copydata+0x17e sys/kern/uipc_mbuf.c:722
ip6_pullexthdr(fffffd805e10e400,30,0) at ip6_pullexthdr+0xa2 sys/netinet6/ip6_input.c:1146
ip6_savecontrol(fffffd805c356d28,fffffd805e10e400,ffff80001e445a70) at ip6_savecontrol+0x373 sys/netinet6/ip6_input.c:1056
rip6_input(ffff80001e445cc8,ffff80001e445cd4,0,18) at rip6_input+0x75b sys/netinet6/raw_ip6.c:225
ip_deliver(ffff80001e445cc8,ffff80001e445cd4,0,18) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip6_input_if(ffff80001e445cc8,ffff80001e445cd4,29,0,ffff80000017a2a8) at ip6_input_if+0xf26
ipv6_input(ffff80000017a2a8,fffffd805e10e400) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171
if_input_local(ffff80000017a2a8,fffffd805e10e400,18) at if_input_local+0x121 sys/net/if.c:780
ip6_output(fffffd805e10ef00,ffff800000a09b80,fffffd805c356a50,0,0,fffffd805c3569e0) at ip6_output+0xd02
rip6_output(fffffd805e10ef00,fffffd806b7c5970,ffff80001e446030,0) at rip6_output+0x4d7 sys/netinet6/raw_ip6.c:481
rip6_usrreq(fffffd806b7c5970,9,fffffd805e10ef00,0,0,ffff80001d339008) at rip6_usrreq+0x5e1 sys/netinet6/raw_ip6.c:670
sosend(fffffd806b7c5970,0,ffff80001e446278,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
dofilewritev(ffff80001d339008,6,ffff80001e446278,0,ffff80001e446360) at dofilewritev+0x1ab sys/kern/sys_generic.c:365
sys_write(ffff80001d339008,ffff80001e446318,ffff80001e446360) at sys_write+0x83 sys/kern/sys_generic.c:285
syscall(ffff80001e4463e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe4f8760ee90, count: -18
ddb> show registers
rdi 0xffffffff814c7b47 
db_enter+0x17 rsi 0xfcc rbp 0xffff80001e4457e0 rbx 0xffff80001e445890 rdx 0xfcd rcx 0xffff80001f639000 rax 0xffff80001f639000 r8 0xffff80001e4457a0 r9 0x1 r10 0xffff8000009f8f80 r11 0x2e7b51c99df3e2d5 r12 0x3000000008 r13 0xffff80001e4457f0 r14 0x100 r15 0x1 rip 0xffffffff814c7b48 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001e4457d0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=287934 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=58, nice=20 forw=0xffffffffffffffff, list=0xffff80001d33a118,0xffff80001d3a83a0 process=0xffff8000ffffa3a8 user=0xffff80001e441000, vmspace=0xfffffd806bc09000 estcpu=8, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 18988 503578 38276 0 2 0 syz-executor.1 *18988 287934 38276 0 7 0x4000000 syz-executor.1 22111 353293 74702 60928 2 0x10 syz-executor.0 22111 412814 74702 60928 3 0x4000090 fsleep syz-executor.0 22111 493916 74702 60928 3 0x4000090 fsleep syz-executor.0 38276 436994 36167 0 3 0x82 nanosleep syz-executor.1 74702 385812 36167 0 3 0x82 nanosleep syz-executor.0 36167 501837 89843 0 3 0x82 thrsleep syz-fuzzer 36167 499413 89843 0 3 0x4000082 thrsleep syz-fuzzer 36167 520219 89843 0 3 0x4000082 thrsleep syz-fuzzer 36167 235549 89843 0 3 0x4000082 thrsleep syz-fuzzer 36167 37785 89843 0 3 0x4000082 thrsleep syz-fuzzer 36167 370770 89843 0 3 0x4000082 kqread syz-fuzzer 36167 358767 89843 0 3 0x4000082 thrsleep syz-fuzzer 89843 187753 3653 0 3 0x10008a pause ksh 3653 15113 18681 0 3 0x92 select sshd 87771 34999 1 0 3 0x100083 ttyin getty 18681 286937 1 0 3 0x80 select sshd 61237 46754 43690 73 3 0x100090 kqread syslogd 43690 482004 1 0 3 0x100082 netio syslogd 45264 374359 1 77 3 0x100090 poll dhclient 20165 415612 1 0 3 0x80 poll dhclient 26735 102615 0 0 3 0x14200 bored smr 7256 196720 0 0 2 0x14200 zerothread 85085 247323 0 0 3 0x14200 aiodoned aiodoned 16144 500412 0 0 3 0x14200 syncer update 25070 44140 0 0 3 0x14200 cleaner cleaner 49182 
60847 0 0 3 0x14200 reaper reaper 69244 497933 0 0 3 0x14200 pgdaemon pagedaemon 40034 118028 0 0 3 0x14200 bored crynlk 8445 424770 0 0 3 0x14200 bored crypto 85685 160626 0 0 3 0x40014200 acpi0 acpi0 58806 414190 0 0 3 0x14200 bored softnet 44018 100761 0 0 3 0x14200 bored systqmp 93604 32044 0 0 3 0x14200 bored systq 77301 478159 0 0 3 0x40014200 bored softclock 28083 477303 0 0 3 0x40014200 idle0 1 197103 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9460 6335K 6456K 78643K 10576 0 pcb 16 8K 8K 78643K 26 0 rtable 107 3K 3K 78643K 193 0 ifaddr 44 10K 10K 78643K 46 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 2K 78643K 15 0 iov 0 0K 16K 78643K 8 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1227 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 4 0K 0K 78643K 5 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 58 0 proc 48 38K 63K 78643K 359 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 1 0K 0K 78643K 4 0 in_multi 35 2K 2K 78643K 37 0 ether_multi 2 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 93 20K 21K 78643K 944 0 UVM aobj 4 2K 2K 78643K 4 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 2 0K 0K 78643K 2 0 NDP 6 0K 0K 78643K 10 0 temp 66 3027K 3091K 78643K 1860 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 46 0 1 2 0 2 2 0 8 0 unpcb 120 47 0 37 1 0 1 1 0 
8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 73 0 73 1 0 1 1 0 8 1 tcpcb 544 19 0 13 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 3 0 3 1 0 1 1 0 8 1 inpcb 280 94 0 78 2 0 2 2 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 45 0 4 1 0 1 1 0 8 0 semapl 112 3 0 1 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1452 0 54 46 0 46 46 0 8 0 ffsino 240 1452 0 54 83 0 83 83 0 8 0 nchpl 144 1713 0 104 60 0 60 60 0 8 0 uvmvnodes 72 1497 0 0 28 0 28 28 0 8 0 vnodes 208 1497 0 0 79 0 79 79 0 8 0 namei 1024 4105 0 4105 1 0 1 1 0 8 1 scxspl 192 5610 0 5610 1 0 1 1 0 8 1 plimitpl 152 15 0 8 1 0 1 1 0 8 0 sigapl 424 244 0 215 4 0 4 4 0 8 0 futexpl 56 558 0 556 1 0 1 1 0 8 0 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 144 3 0 0 1 0 1 1 0 8 0 pipelkpl 16 67 0 57 1 0 1 1 0 8 0 pipepl 120 134 0 115 1 0 1 1 0 8 0 fdescpl 432 230 0 215 2 0 2 2 0 8 0 filepl 120 1160 0 1054 4 0 4 4 0 8 0 lockfpl 104 10 0 8 1 0 1 1 0 8 0 lockfspl 48 5 0 3 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 65 0 57 1 0 1 1 0 8 0 zombiepl 144 215 0 215 1 0 1 1 0 8 1 processpl 920 244 0 215 4 0 4 4 0 8 0 procpl 624 283 0 245 4 0 4 4 0 8 1 sockpl 400 161 0 135 3 0 3 3 0 8 0 mcl64k 65536 8 0 8 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 2 0 2 1 0 1 1 0 8 1 mcl4k 4096 12 0 12 2 1 1 1 0 8 1 mcl2k 2048 57021 0 56972 16 2 14 14 0 8 7 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 90896 0 90804 12 2 10 10 0 8 2 bufpl 280 4443 0 161 306 0 306 306 0 8 0 anonpl 16 36651 0 23494 57 2 55 55 0 107 2 amapchunkpl 152 934 0 798 7 0 7 7 0 158 1 amappl16 192 988 0 236 38 0 38 38 0 8 0 amappl15 184 29 0 23 1 0 1 1 0 8 0 amappl14 176 3 0 2 3 2 1 1 0 8 0 amappl13 168 24 0 23 1 0 1 1 0 8 0 amappl12 160 7 0 6 2 1 1 1 0 8 0 amappl11 152 63 0 50 1 0 1 1 0 8 0 amappl10 144 15 0 10 1 0 1 1 0 8 0 amappl9 136 399 
0 394 1 0 1 1 0 8 0 amappl8 128 273 0 261 1 0 1 1 0 8 0 amappl7 120 105 0 95 1 0 1 1 0 8 0 amappl6 112 24 0 18 1 0 1 1 0 8 0 amappl5 104 157 0 144 1 0 1 1 0 8 0 amappl4 96 433 0 406 1 0 1 1 0 8 0 amappl3 88 106 0 101 1 0 1 1 0 8 0 amappl2 80 1047 0 972 3 0 3 3 0 8 1 amappl1 72 13953 0 13521 27 10 17 20 0 8 8 amappl 80 504 0 460 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 230 0 215 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 230 0 215 1 0 1 1 0 8 0 vmmpekpl 168 5626 0 5599 2 0 2 2 0 8 0 vmmpepl 168 34582 0 32671 109 9 100 100 0 357 16 vmsppl 272 229 0 215 2 0 2 2 0 8 1 pdppl 4096 466 0 430 6 0 6 6 0 8 1 pvpl 32 127355 0 111174 138 0 138 138 0 265 7 pmappl 200 229 0 215 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 150 0 7 5 0 5 5 0 8 0