login: panic: tcp_output Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 132137 56475 0 0 0 1 syz-executor.4 *451497 56475 0 0 0x4000000 0 syz-executor.4 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e290) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000d80a90) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd8067d439c0,fffffd807e95a800,0,fffffd807e3e5900) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953 sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff8000fffe8000,3,ffff80002e56e1a0,0,ffff80002e56e290) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff8000fffe8000,ffff80002e56e248,ffff80002e56e290) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e56e310) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e56e310) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x265520d620, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: tcp_output ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e290) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000d80a90) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd8067d439c0,fffffd807e95a800,0,fffffd807e3e5900) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953 sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff8000fffe8000,3,ffff80002e56e1a0,0,ffff80002e56e290) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff8000fffe8000,ffff80002e56e248,ffff80002e56e290) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e56e310) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e56e310) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x265520d620, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e56dc80 rbx 0xffffffff82978b8f cpu_info_full_primary+0x2b8f rdx 0xffff800000bf4b80 rcx 0 rax 0xffff8000fffe8000 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6c62cbc6b11a1bf3 r11 0x489da18f4ce31b06 r12 0xffffffff82978990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff813a47e8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e56dc70 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.4) pid=451497 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=63, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffe97a0,0xffffffff82bac0d0 process=0xffff8000fffefa50 user=0xffff80002e569000, vmspace=0xfffffd8064cea188 estcpu=13, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 88222 459313 86266 0 3 0x80 nanoslp syz-executor.7 88222 517373 86266 0 3 0x4000080 fsleep syz-executor.7 56475 132137 95017 0 7 0 syz-executor.4 *56475 451497 95017 0 7 0x4000000 syz-executor.4 11031 378822 27866 0 2 0 syz-executor.2 11031 399393 27866 0 3 0x4000080 fsleep syz-executor.2 66058 201235 87288 0 2 0 syz-executor.6 66058 323349 87288 0 3 0x4000080 fsleep syz-executor.6 66058 25139 87288 0 3 0x4000080 fsleep syz-executor.6 74589 411163 55497 0 2 0 syz-executor.5 74589 357604 55497 0 3 0x4000080 fsleep syz-executor.5 18115 51162 1 0 3 0x100083 ttyin getty 59583 345274 79780 0 3 0x82 piperd syz-executor.1 87288 191899 79780 0 3 0x82 nanoslp syz-executor.6 27866 454191 79780 0 3 0x82 nanoslp syz-executor.2 55497 383481 79780 0 3 0x82 nanoslp syz-executor.5 40524 405888 0 0 3 0x14200 acct acct 54433 498260 0 0 3 0x14200 bored sosplice 86266 2257 79780 0 3 0x82 nanoslp syz-executor.7 47640 252499 79780 0 3 0x82 piperd syz-executor.3 95017 115629 79780 0 3 0x82 nanoslp syz-executor.4 69892 317277 79780 0 3 0x82 piperd syz-executor.0 79780 418922 78792 0 3 0x82 wait syz-fuzzer 79780 343957 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 481471 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 468442 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 44467 78792 0 3 0x4000082 wait syz-fuzzer 79780 402575 78792 0 3 0x4000082 wait syz-fuzzer 79780 346220 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 232563 78792 0 3 0x4000082 wait syz-fuzzer 79780 496011 78792 0 3 0x4000082 wait syz-fuzzer 79780 499212 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 97084 78792 0 3 0x4000082 wait syz-fuzzer 79780 278841 78792 0 3 0x4000082 wait syz-fuzzer 79780 270097 78792 0 3 0x4000082 wait syz-fuzzer 79780 507954 78792 0 3 0x4000082 kqread syz-fuzzer 79780 60872 78792 0 3 0x4000082 thrsleep syz-fuzzer 79780 64685 78792 0 3 0x4000082 thrsleep syz-fuzzer 78792 238372 81498 0 3 0x10008a sigsusp ksh 81498 433550 38211 0 3 0x9a kqread sshd 38211 69148 1 0 3 0x88 kqread sshd 49538 102919 87809 74 3 0x1100092 bpf pflogd 87809 191664 1 0 3 0x80 netio pflogd 30153 430661 2585 73 3 0x1100090 kqread syslogd 2585 427259 1 0 3 0x100082 netio syslogd 19135 459217 1 0 3 0x100080 kqread resolvd 50128 364189 18857 77 3 0x100092 kqread dhcpleased 91396 506606 18857 77 3 0x100092 kqread dhcpleased 18857 295905 1 0 3 0x80 kqread dhcpleased 19806 77537 0 0 3 0x14200 bored smr 38896 501085 0 0 3 0x14200 pgzero zerothread 64991 14507 0 0 3 0x14200 aiodoned aiodoned 73108 97253 0 0 3 0x14200 syncer update 25940 133997 0 0 3 0x14200 cleaner cleaner 90233 199851 0 0 3 0x14200 reaper reaper 11516 13653 0 0 3 0x14200 pgdaemon pagedaemon 82895 45722 0 0 3 0x14200 bored viomb 2824 18114 0 0 3 0x40014200 acpi0 acpi0 43547 241366 0 0 3 0x40014200 idle1 78364 313903 0 0 3 0x14200 bored softnet 53331 491408 0 0 3 0x14200 bored softnet 81413 174105 0 0 3 0x14200 bored softnet 90235 457181 0 0 3 0x14200 bored softnet 61448 439030 0 0 3 0x14200 bored systqmp 39771 83297 0 0 3 0x14200 bored systq 62554 508467 0 0 3 0x40014200 bored softclock 26193 141132 0 0 3 0x40014200 idle0 1 346573 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 56475 (syz-executor.4) thread 0xffff8000fffe8000 (451497) exclusive rwlock netlock r = 0 (0xffffffff8291b0b0) #0 witness_lock+0x44d #1 sosend+0x500 sys/kern/uipc_socket.c:632 #2 sendit+0x65d sys/kern/uipc_syscalls.c:694 #3 sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 #4 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] #4 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 #5 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10223 6493K 6819K 78643K 15680 0 pcb 13 16K 21K 78643K 498 0 rtable 207 16K 18K 78643K 1062 0 ifaddr 99 20K 21K 78643K 463 0 sysctl 3 1K 1K 78643K 3 0 counters 54 35K 36K 78643K 200 0 ioctlops 0 0K 4K 78643K 2069 0 iov 0 0K 16K 78643K 346 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1331 83K 84K 78643K 2831 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 49 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 315 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 93K 78643K 3786 0 sigio 0 0K 0K 78643K 35 0 proc 70 91K 128K 78643K 942 0 subproc 104 6K 6K 78643K 195 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 1K 78643K 3008 0 in_multi 86 5K 7K 78643K 628 0 ether_multi 1 0K 0K 78643K 385 0 mrt 1 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 223 996K 996K 78643K 223 0 exec 0 0K 2K 78643K 1262 0 pfkey data 0 0K 0K 78643K 5 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 62K 78643K 8 0 UVM amap 351 462K 466K 78643K 24396 0 UVM aobj 134 4K 4K 78643K 139 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 105 0 NDP 16 0K 1K 78643K 121 0 temp 141 4726K 70258K 78643K 28724 0 kqueue 12 18K 26K 78643K 345 0 SYN cache 2 16K 24K 78643K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 452 0 449 9 8 1 3 0 8 0 rtentry 112 225 0 139 4 0 4 4 0 8 0 unpcb 144 2276 0 2261 23 22 1 8 0 8 0 syncache 296 19 0 19 3 3 0 1 0 8 0 tcpqe 32 24 0 24 2 2 0 1 0 8 0 tcpcb 768 1264 0 1191 51 43 8 12 0 8 0 arp 120 32 0 18 1 0 1 1 0 8 0 inpcb 368 5739 0 5662 64 57 7 13 0 8 0 nd6 48 55 0 35 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 2 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1256 63 0 63 7 7 0 1 0 8 0 pfstscr 40 71 0 71 2 2 0 1 0 8 0 pffrag 232 21 0 18 1 0 1 1 0 482 0 pffrnode 88 21 0 18 1 0 1 1 0 8 0 pffrent 40 153 0 150 1 0 1 1 0 8 0 pfosfp 40 1432 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1432 0 717 21 0 21 21 0 8 0 pfrktable 1344 41 0 39 4 3 1 1 0 8 0 pfanchor 1280 200 0 72 11 0 11 11 0 8 0 pftag 88 4 0 2 1 0 1 1 0 8 0 pfstitem 24 83 0 79 1 0 1 1 0 8 0 pfstkey 120 223 0 219 2 1 1 2 0 8 0 pfstate 336 152 0 148 4 2 2 4 0 8 0 pfrule 1360 59 0 44 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1080 0 661 34 5 29 30 0 8 1 art_table 32 1081 0 661 4 0 4 4 0 8 0 art_node 16 224 0 148 1 0 1 1 0 8 0 sysvmsgpl 40 38 0 36 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 310 0 300 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 6487 0 5045 91 0 91 91 0 8 0 ffsino 272 6487 0 5045 97 0 97 97 0 8 0 nchpl 144 12096 0 10458 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 40347 0 40347 4 3 1 2 0 8 1 percpumem 16 112 0 73 1 0 1 1 0 8 0 vcpupl 2048 158 0 0 20 0 20 20 0 8 0 vmpool 568 167 0 9 13 1 12 12 0 8 0 pfiaddrpl 120 14 0 10 3 2 1 1 0 8 0 kstatmem 264 170 0 140 4 1 3 3 0 8 0 scsiplug 72 7 0 7 2 2 0 1 0 8 0 scxspl 216 38769 0 38769 18 17 1 8 0 8 1 plimitpl 152 217 0 202 1 0 1 1 0 8 0 sigapl 424 4100 0 4053 10 3 7 8 0 8 0 futexpl 64 32384 0 32379 3 2 1 1 0 8 0 knotepl 120 431 0 0 11 0 11 11 0 8 0 kqueuepl 216 799 0 791 15 14 1 5 0 8 0 pipepl 320 756 0 728 15 12 3 8 0 8 0 fdescpl 496 4061 0 4033 5 1 4 5 0 8 0 filepl 152 27944 0 27638 59 46 13 20 0 8 1 lockfpl 104 969 0 967 3 2 1 2 0 8 0 lockfspl 48 256 0 254 1 0 1 1 0 8 0 sessionpl 144 33 0 16 1 0 1 1 0 8 0 pgrppl 48 110 0 93 1 0 1 1 0 8 0 ucredpl 104 4095 0 4083 1 0 1 1 0 8 0 zombiepl 144 4053 0 4053 2 1 1 1 0 8 1 processpl 1064 4100 0 4053 5 0 5 5 0 8 0 procpl 672 11363 0 11295 13 5 8 9 0 8 0 srpgc 96 19 0 19 4 4 0 1 0 8 0 sosppl 168 40 0 40 7 7 0 1 0 8 0 sockpl 488 8475 0 8380 151 139 12 37 0 8 0 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 16 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 362 0 0 45 1 44 45 0 8 1 mtagpl 96 288 0 0 7 0 7 7 0 8 0 mbufpl 256 8606 0 0 528 0 528 528 0 8 0 bufpl 288 10110 0 3778 453 0 453 453 0 8 0 anonpl 24 802581 0 785065 203 76 127 182 0 186 11 amapchunkpl 152 72683 0 71920 86 52 34 60 0 158 0 amappl16 200 9696 0 9113 58 15 43 43 0 8 11 amappl15 192 453 0 446 1 0 1 1 0 8 0 amappl14 184 425 0 418 1 0 1 1 0 8 0 amappl13 176 904 0 901 1 0 1 1 0 8 0 amappl12 168 596 0 588 1 0 1 1 0 8 0 amappl11 160 94 0 75 1 0 1 1 0 8 0 amappl10 152 1106 0 1102 1 0 1 1 0 8 0 amappl9 144 1165 0 1156 1 0 1 1 0 8 0 amappl8 136 761 0 691 3 0 3 3 0 8 0 amappl7 128 159 0 138 1 0 1 1 0 8 0 amappl6 120 929 0 910 2 1 1 2 0 8 0 amappl5 112 4259 0 4239 1 0 1 1 0 8 0 amappl4 104 1315 0 1281 2 0 2 2 0 8 0 amappl3 96 12665 0 12611 2 0 2 2 0 8 0 amappl2 88 1437 0 1397 2 0 2 2 0 8 0 amappl1 80 102204 0 101532 25 9 16 20 0 8 0 amappl 88 23648 0 23443 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 138 0 5 3 0 3 3 0 8 0 uaddrrnd 24 4229 0 4043 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4229 0 4043 2 0 2 2 0 8 0 vmmpekpl 168 33503 0 33412 5 0 5 5 0 8 0 vmmpepl 168 398156 0 395202 202 63 139 154 0 357 0 vmsppl 368 4228 0 4043 18 0 18 18 0 8 0 rwobjpl 56 103816 0 96080 113 1 112 112 0 8 2 pdppl 4096 8465 0 8244 392 165 227 227 0 8 6 pvpl 32 1649643 0 1628132 412 213 199 312 0 265 11 pmappl 248 4228 0 4043 12 0 12 12 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1778 0 243 44 0 44 44 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257e290) at panic+0x177 sys/kern/subr_prf.c:198 tcp_output(ffff800000d80a90) at tcp_output+0x2cd2 sys/netinet/tcp_output.c:727 tcp_send(fffffd8067d439c0,fffffd807e95a800,0,fffffd807e3e5900) at tcp_send+0xc4 sys/netinet/tcp_usrreq.c:953 sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a pru_send sys/sys/protosw.h:331 [inline] sosend(fffffd8067d439c0,0,ffff80002e56e020,0,fffffd807e3e5900,0) at sosend+0x62a sys/kern/uipc_socket.c:646 sendit(ffff8000fffe8000,3,ffff80002e56e1a0,0,ffff80002e56e290) at sendit+0x65d sys/kern/uipc_syscalls.c:694 sys_sendmsg(ffff8000fffe8000,ffff80002e56e248,ffff80002e56e290) at sys_sendmsg+0x198 sys/kern/uipc_syscalls.c:601 syscall(ffff80002e56e310) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff80002e56e310) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x265520d620, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffd9430, count: 12 ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffd9430, count: -3