panic: tcp_output Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *342947 19601 32767 0x10 0x4000000 0 syz-executor.6 102030 13647 0 0x14000 0x200 1 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e05d) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000c515a0) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd805cec8ba8,fffffd8069605000,0,fffffd807187c100) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:944 sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff800022b2f508,5,ffff80002e4fe140,0,ffff80002e4fe230) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff800022b2f508,ffff80002e4fe1e8,ffff80002e4fe230) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e4fe2b0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e4fe2b0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1fb866fc260, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: tcp_output ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e05d) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000c515a0) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd805cec8ba8,fffffd8069605000,0,fffffd807187c100) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:944 sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff800022b2f508,5,ffff80002e4fe140,0,ffff80002e4fe230) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff800022b2f508,ffff80002e4fe1e8,ffff80002e4fe230) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e4fe2b0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e4fe2b0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1fb866fc260, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e4fdc20 rbx 0xffffffff829b9b8f cpu_info_full_primary+0x2b8f rdx 0xffff800000bff2c0 rcx 0 rax 0xffff800022b2f508 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3b0d7e352dc00391 r11 0x1167676fb2573e71 r12 0xffffffff829b9990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff824835f8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e4fdc10 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.6) pid=342947 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800022b2ea88,0xffff800022b2f278 process=0xffff8000ffff2dd0 user=0xffff80002e4f9000, vmspace=0xfffffd8067833b98 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 15860 466352 23950 32767 2 0x10 syz-executor.2 15860 339384 23950 32767 3 0x4000090 fsleep syz-executor.2 42236 49632 78344 32767 2 0x10 syz-executor.5 42236 364749 78344 32767 3 0x4000090 fsleep syz-executor.5 19601 143000 97198 32767 2 0x10 syz-executor.6 *19601 342947 97198 32767 7 0x4000010 syz-executor.6 92565 519649 38464 32767 3 0x90 nanoslp syz-executor.3 92565 465423 38464 32767 3 0x4000090 fsleep syz-executor.3 92565 15194 38464 32767 3 0x4000090 netio syz-executor.3 7449 385694 73043 32767 3 0x90 nanoslp syz-executor.7 7449 417881 73043 32767 3 0x4000090 nanoslp syz-executor.7 53863 360688 85382 32767 3 0x90 nanoslp syz-executor.0 85382 236312 42381 0 3 0x82 wait syz-executor.0 77368 303027 0 0 3 0x14200 bored sosplice 97198 245535 55686 32767 3 0x90 nanoslp syz-executor.6 55686 223263 42381 0 3 0x82 wait syz-executor.6 73043 331818 49314 32767 3 0x90 nanoslp syz-executor.7 78344 178510 5728 32767 3 0x90 nanoslp syz-executor.5 38464 57097 2195 32767 3 0x90 nanoslp syz-executor.3 49314 438771 42381 0 3 0x82 wait syz-executor.7 58134 211989 89068 32767 3 0x90 nanoslp syz-executor.1 5728 177523 42381 0 3 0x82 wait syz-executor.5 39873 433848 62497 32767 2 0x10 syz-executor.4 23950 435499 93447 32767 3 0x90 nanoslp syz-executor.2 89068 232355 42381 0 3 0x82 wait syz-executor.1 2195 26752 42381 0 3 0x82 wait syz-executor.3 62497 253869 42381 0 3 0x82 wait syz-executor.4 93447 433756 42381 0 3 0x82 wait syz-executor.2 42381 51872 13196 0 3 0x82 thrsleep syz-fuzzer 42381 255247 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 458641 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 489563 13196 0 3 0x4000082 wait syz-fuzzer 42381 501184 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 32679 13196 0 3 0x4000082 wait syz-fuzzer 42381 518022 13196 0 3 0x4000082 wait syz-fuzzer 42381 229959 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 176253 13196 0 3 0x4000082 wait syz-fuzzer 42381 324026 13196 0 3 0x4000082 wait syz-fuzzer 42381 299194 13196 0 3 0x4000082 wait syz-fuzzer 42381 49920 13196 0 3 0x4000082 wait syz-fuzzer 42381 27055 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 435718 13196 0 3 0x4000082 thrsleep syz-fuzzer 42381 306742 13196 0 3 0x4000082 wait syz-fuzzer 42381 499857 13196 0 3 0x4000082 kqread syz-fuzzer 13196 172293 50465 0 3 0x10008a sigsusp ksh 50465 85715 21529 0 3 0x9a kqread sshd 53761 307167 1 0 3 0x100083 ttyin getty 21529 224066 1 0 3 0x88 kqread sshd 36042 354866 92377 73 3 0x1100090 kqread syslogd 92377 45776 1 0 3 0x100082 netio syslogd 79053 239110 1 0 3 0x100080 kqread resolvd 77194 495524 86357 77 3 0x100092 kqread dhcpleased 94848 269915 86357 77 3 0x100092 kqread dhcpleased 86357 510769 1 0 3 0x80 kqread dhcpleased 40664 67751 0 0 3 0x14200 bored smr 60662 197739 0 0 2 0x14200 zerothread 18798 277895 0 0 3 0x14200 aiodoned aiodoned 20171 108256 0 0 3 0x14200 syncer update 68135 391133 0 0 3 0x14200 cleaner cleaner 13647 102030 0 0 7 0x14200 reaper 46063 365551 0 0 3 0x14200 pgdaemon pagedaemon 81477 77850 0 0 3 0x14200 bored viomb 41938 295993 0 0 3 0x40014200 acpi0 acpi0 35268 127805 0 0 3 0x40014200 idle1 29487 187466 0 0 3 0x14200 bored softnet 85679 238403 0 0 3 0x14200 bored softnet 28941 80338 0 0 3 0x14200 bored softnet 74120 224885 0 0 3 0x14200 bored softnet 31032 356358 0 0 3 0x14200 bored systqmp 1323 154499 0 0 3 0x14200 bored systq 34941 352113 0 0 3 0x40014200 bored softclock 96405 406578 0 0 3 0x40014200 idle0 1 447976 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd8007c487d8) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 pmap_remove_ptes+0x208 pmap_remove_pv sys/arch/amd64/amd64/pmap.c:1059 [inline] #3 pmap_remove_ptes+0x208 sys/arch/amd64/amd64/pmap.c:1657 #4 pmap_do_remove+0x416 sys/arch/amd64/amd64/pmap.c:1864 #5 uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:1891 #6 uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] #6 uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2523 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3436 #8 reaper+0x19a sys/kern/kern_exit.c:448 #9 proc_trampoline+0x1c exclusive kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10196 6410K 6419K 78643K 11290 0 pcb 13 10K 12K 78643K 15 0 rtable 236 6K 6K 78643K 494 0 ifaddr 82 16K 16K 78643K 91 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 35K 78643K 58 0 ioctlops 0 0K 2K 78643K 41 0 iov 0 0K 16K 78643K 286 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1270 79K 79K 78643K 1519 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 11 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 388 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 23 85K 117K 78643K 1719 0 sigio 0 0K 0K 78643K 82 0 proc 56 78K 115K 78643K 629 0 subproc 104 6K 6K 78643K 117 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1013 0 in_multi 99 6K 6K 78643K 124 0 ether_multi 1 0K 0K 78643K 7 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 157 705K 705K 78643K 157 0 exec 0 0K 2K 78643K 942 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 62K 78643K 8 0 UVM amap 274 84K 87K 78643K 12166 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 54 0 NDP 11 0K 2K 78643K 30 0 temp 124 4726K 4790K 78643K 7120 0 kqueue 12 18K 28K 78643K 166 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 181 0 178 4 3 1 3 0 8 0 rtentry 112 123 0 12 4 0 4 4 0 8 0 unpcb 144 952 0 937 7 6 1 4 0 8 0 syncache 296 33 0 33 4 3 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 50 0 50 3 2 1 1 0 8 1 tcpcb 768 968 0 947 25 19 6 10 0 8 3 arp 120 20 0 2 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 7 0 5 1 0 1 1 0 8 0 inpcb 368 2552 0 2539 25 17 8 13 0 8 6 nd6 48 28 0 3 1 0 1 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 498 0 44 29 0 29 29 0 8 0 art_table 32 499 0 44 4 0 4 4 0 8 0 art_node 16 122 0 21 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 16 1 0 1 1 0 8 0 semapl 112 386 0 376 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3611 0 2173 91 0 91 91 0 8 0 ffsino 272 3611 0 2173 97 0 97 97 0 8 0 nchpl 144 6015 0 4378 63 0 63 63 0 8 0 uvmvnodes 80 3737 0 0 77 0 77 77 0 8 0 vnodes 216 3737 0 0 208 0 208 208 0 8 0 namei 1024 19821 0 19821 2 1 1 2 0 8 1 percpumem 16 41 0 1 1 0 1 1 0 8 0 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 17579 0 17579 9 8 1 8 0 8 1 plimitpl 152 258 0 236 2 1 1 2 0 8 0 sigapl 424 1996 0 1942 7 0 7 7 0 8 0 futexpl 64 15894 0 15891 1 0 1 1 0 8 0 knotepl 120 223 0 0 7 0 7 7 0 8 0 kqueuepl 216 568 0 560 8 3 5 5 0 8 4 pipepl 320 487 0 459 16 13 3 8 0 8 0 fdescpl 496 1978 0 1944 7 1 6 6 0 8 0 filepl 152 12109 0 11871 29 14 15 20 0 8 5 lockfpl 104 297 0 295 1 0 1 1 0 8 0 lockfspl 48 90 0 88 1 0 1 1 0 8 0 sessionpl 144 24 0 8 1 0 1 1 0 8 0 pgrppl 48 38 0 22 1 0 1 1 0 8 0 ucredpl 104 1864 0 1846 1 0 1 1 0 8 0 zombiepl 144 1944 0 1942 1 0 1 1 0 8 0 processpl 1064 1996 0 1942 4 0 4 4 0 8 0 procpl 672 5343 0 5268 9 1 8 8 0 8 1 sosppl 168 43 0 43 2 1 1 1 0 8 1 sockpl 488 3709 0 3678 52 40 12 20 0 8 7 mcl64k 65536 11 0 0 2 0 2 2 0 8 0 mcl16k 16384 9 0 0 2 0 2 2 0 8 0 mcl12k 12288 14 0 0 2 0 2 2 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 3 0 3 3 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 350 0 0 43 0 43 43 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 432 0 0 24 0 24 24 0 8 0 bufpl 288 6288 0 132 440 0 440 440 0 8 0 anonpl 24 392468 0 379972 120 31 89 110 0 186 4 amapchunkpl 152 33001 0 32343 33 4 29 30 0 158 1 amappl16 200 6489 0 6127 52 26 26 37 0 8 6 amappl15 192 272 0 265 1 0 1 1 0 8 0 amappl14 184 437 0 427 1 0 1 1 0 8 0 amappl13 176 488 0 485 1 0 1 1 0 8 0 amappl12 168 224 0 215 1 0 1 1 0 8 0 amappl11 160 100 0 84 1 0 1 1 0 8 0 amappl10 152 19 0 17 1 0 1 1 0 8 0 amappl9 144 887 0 879 1 0 1 1 0 8 0 amappl8 136 844 0 767 3 0 3 3 0 8 0 amappl7 128 323 0 299 1 0 1 1 0 8 0 amappl6 120 591 0 574 2 1 1 2 0 8 0 amappl5 112 1138 0 1119 1 0 1 1 0 8 0 amappl4 104 1072 0 1036 2 0 2 2 0 8 0 amappl3 96 6120 0 6057 4 1 3 3 0 8 1 amappl2 88 888 0 847 2 0 2 2 0 8 0 amappl1 80 51127 0 50393 19 2 17 19 0 8 0 amappl 88 11595 0 11423 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 1978 0 1944 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1978 0 1944 1 0 1 1 0 8 0 vmmpekpl 168 19717 0 19641 4 0 4 4 0 8 0 vmmpepl 168 197571 0 194898 143 12 131 135 0 357 4 vmsppl 368 1977 0 1944 4 0 4 4 0 8 0 rwobjpl 56 55090 0 49840 75 0 75 75 0 8 0 pdppl 4096 3963 0 3888 125 44 81 91 0 8 6 pvpl 32 823382 0 805794 252 61 191 252 0 265 33 pmappl 248 1977 0 1944 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 897 0 64 24 0 24 24 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e05d) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000c515a0) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd805cec8ba8,fffffd8069605000,0,fffffd807187c100) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:944 sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd805cec8ba8,0,ffff80002e4fdfc0,0,fffffd807187c100,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff800022b2f508,5,ffff80002e4fe140,0,ffff80002e4fe230) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff800022b2f508,ffff80002e4fe1e8,ffff80002e4fe230) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e4fe2b0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e4fe2b0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1fb866fc260, count: -9 ddb{0}> machine ddbcpu 1