syzbot


panic: attempt to access user address ADDR in supervisor mode

Status: auto-closed as invalid on 2020/02/25 08:15
Reported-by: syzbot+b62726bb8050831c80e5@syzkaller.appspotmail.com
First crash: 1653d, last: 1603d

Sample crash report:
panic: attempt to access user address 0x2000000c in supervisor mode
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*195194  93008      0           0  0x4000000    0  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x3eb
kerntrap(ffff80001794c540) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
in_delmulti(20000000) at in_delmulti+0x95 sys/netinet/in.c:894
in_purgeaddr(ffff800000aa8600) at in_purgeaddr+0x156 sys/netinet/in.c:740
in_ifdetach(ffff800000a63800) at in_ifdetach+0x74 sys/netinet/in.c:949
if_setrdomain(ffff800000a63800,6) at if_setrdomain+0x19a sys/net/if.c:1888
ifioctl(fffffd8036ff6a80,8020699f,ffff80001794c830,ffff8000ffff27b0) at ifioctl+0x169d sys/net/if.c:2148
sys_ioctl(ffff8000ffff27b0,ffff80001794c948,ffff80001794c990) at sys_ioctl+0x5b9
syscall(ffff80001794ca10) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xecb0a8497f0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
attempt to access user address 0x2000000c in supervisor mode
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x3eb
kerntrap(ffff80001794c540) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
in_delmulti(20000000) at in_delmulti+0x95 sys/netinet/in.c:894
in_purgeaddr(ffff800000aa8600) at in_purgeaddr+0x156 sys/netinet/in.c:740
in_ifdetach(ffff800000a63800) at in_ifdetach+0x74 sys/netinet/in.c:949
if_setrdomain(ffff800000a63800,6) at if_setrdomain+0x19a sys/net/if.c:1888
ifioctl(fffffd8036ff6a80,8020699f,ffff80001794c830,ffff8000ffff27b0) at ifioctl+0x169d sys/net/if.c:2148
sys_ioctl(ffff8000ffff27b0,ffff80001794c948,ffff80001794c990) at sys_ioctl+0x5b9
syscall(ffff80001794ca10) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xecb0a8497f0, count: -13
ddb> show registers
rdi               0xffffffff815aa087    db_enter+0x17
rsi                          0x13e09    __ALIGN_SIZE+0x12e09
rbp               0xffff80001794c3b0
rbx               0xffff80001794c460
rdx                          0x13e0a    __ALIGN_SIZE+0x12e0a
rcx               0xffff800014947000
rax               0xffff800014947000
r8                0xffff80001794c370
r9                               0x1
r10               0xffff800000a67640
r11               0xe9f4399c1a14bb41
r12                     0x3000000008
r13               0xffff80001794c3c0
r14                            0x100
r15                              0x1
rip               0xffffffff815aa088    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001794c3a0
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=195194 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=78, usrpri=78, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff3968,0xffffffff825b7af8
    process=0xffff8000ffff7190 user=0xffff800017947000, vmspace=0xfffffd803f012aa0
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 93008  225801  84366      0  2           0                syz-executor.0
*93008  195194  84366      0  7   0x4000000                syz-executor.0
 32192  342020  76129      0  3         0x2  biowait       syz-executor.1
 30097   97131      0      0  3     0x14200  bored         sosplice
 84366   15161  76129      0  3        0x82  nanosleep     syz-executor.0
 76129  130469   5680      0  3        0x82  thrsleep      syz-fuzzer
 76129  167693   5680      0  3   0x4000082  thrsleep      syz-fuzzer
 76129  515001   5680      0  3   0x4000082  thrsleep      syz-fuzzer
 76129  224840   5680      0  3   0x4000082  thrsleep      syz-fuzzer
 76129  512082   5680      0  3   0x4000082  thrsleep      syz-fuzzer
 76129  106410   5680      0  3   0x4000082  kqread        syz-fuzzer
 76129    8372   5680      0  3   0x4000082  thrsleep      syz-fuzzer
 76129  264103   5680      0  3   0x4000082  thrsleep      syz-fuzzer
  5680   72519  50449      0  3    0x10008a  pause         ksh
 50449  180633  85585      0  3        0x92  select        sshd
 68035   82983      1      0  3    0x100083  ttyin         getty
 85585  311663      1      0  3        0x80  select        sshd
 74865  148583  47506     73  3    0x100090  kqread        syslogd
 47506   77284      1      0  3    0x100082  netio         syslogd
 45549  287656      1     77  2    0x100090                dhclient
 44743  153766      1      0  3        0x80  poll          dhclient
 34571  229738      0      0  2     0x14200                zerothread
 21476  377538      0      0  3     0x14200  aiodoned      aiodoned
 20794  166624      0      0  3     0x14200  syncer        update
 21847  503340      0      0  3     0x14200  cleaner       cleaner
 52973  260433      0      0  3     0x14200  reaper        reaper
 51598  399918      0      0  3     0x14200  pgdaemon      pagedaemon
 13687   81034      0      0  3     0x14200  bored         crynlk
 52803  335648      0      0  3     0x14200  bored         crypto
 16027  293850      0      0  3  0x40014200  acpi0         acpi0
 88092   61488      0      0  3     0x14200  bored         softnet
 59578   61301      0      0  2     0x14200                systqmp
 30606    2683      0      0  3     0x14200  bored         systq
 61521  286792      0      0  3  0x40014200  bored         softclock
 53931  182579      0      0  3  0x40014200                idle0
 15638  478306      0      0  3     0x14200  bored         smr
     1  444450      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9517   7002K    7714K  78643K     11802        0        0
            pcb    13      8K       8K  78643K       140        0        0
         rtable   104      4K       4K  78643K       481        0        0
         ifaddr    78     14K      14K  78643K       181        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K        33        0        0
            iov     0      0K      24K  78643K       170        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1225     77K      77K  78643K      1628        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        11        0        0
         VM map     6      1K       1K  78643K         6        0        0
            sem    12      0K       1K  78643K       111        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1794    195K     288K  78643K     12646        0        0
      file desc     5     13K      25K  78643K       506        0        0
          sigio     0      0K       0K  78643K         6        0        0
           proc    48     38K      62K  78643K       510        0        0
        subproc    32      2K       2K  78643K        72        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K        41        0        0
       in_multi    50      2K       3K  78643K        81        0        0
    ether_multi     1      0K       0K  78643K         3        0        0
            mrt     0      0K       0K  78643K         4        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    60    265K     265K  78643K        60        0        0
           exec     0      0K       1K  78643K       262        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   111     54K      54K  78643K      2108        0        0
       UVM aobj    41      2K       2K  78643K        45        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K       111        0        0
            NDP    14      0K       0K  78643K        40        0        0
           temp   142   3539K    4177K  78643K     33154        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       17    0       13     1     0     1     1     0     8    0
rtpcb       96       87    0       85     1     0     1     1     0     8    0
rtentry    112       85    0       46     2     0     2     2     0     8    0
unpcb      120     1277    0     1269     4     2     2     3     0     8    1
syncache   280       10    0       10     3     3     0     1     0     8    0
tcpqe       32      186    0      186     2     2     0     1     0     8    0
tcpcb      640      190    0      186     1     0     1     1     0     8    0
ipq         40        3    0        3     2     1     1     1     0     8    1
ipqe        40       92    0       92     2     1     1     1     0     8    1
inpcb      280      588    0      580     2     0     2     2     0     8    1
nd6         48        9    0        6     1     0     1     1     0     8    0
pkpcb       40        2    0        2     1     0     1     1     0     8    1
ppxss      1128       8    0        8     2     2     0     1     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      360    0      150    16     1    15    15     0     8    1
art_table   32      362    0      150     2     0     2     2     0     8    0
art_node    16       84    0       43     1     0     1     1     0     8    0
sysvmsgpl   40       21    0       16     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      106    0       96     1     0     1     1     0     8    0
shmpl      112       43    0        4     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     2170    0      772    46     0    46    46     0     8    0
ffsino     240     2170    0      772    83     0    83    83     0     8    0
nchpl      144     3237    0     1639    60     0    60    60     0     8    0
uvmvnodes   72     2514    0        0    46     0    46    46     0     8    0
vnodes     208     2514    0        0   133     0   133   133     0     8    0
namei      1024    9511    0     9511     1     0     1     1     0     8    1
vcpupl     1984       4    0        0     1     0     1     1     0     8    0
vmpool     520        4    0        0     1     0     1     1     0     8    0
scxspl     208    11025    0    11024     9     7     2     7     0     8    1
plimitpl   152       64    0       57     1     0     1     1     0     8    0
sigapl     432      670    0      657     2     0     2     2     0     8    0
futexpl     56    13266    0    13266     1     0     1     1     0     8    1
knotepl    112      119    0      100     1     0     1     1     0     8    0
kqueuepl   104      153    0      151     1     0     1     1     0     8    0
pipepl     128      400    0      381     2     1     1     2     0     8    0
fdescpl    424      671    0      657     2     0     2     2     0     8    0
filepl     120     5991    0     5895     8     3     5     7     0     8    2
lockfpl    104      239    0      238     1     0     1     1     0     8    0
lockfspl    48       85    0       84     1     0     1     1     0     8    0
sessionpl  128       19    0        9     1     0     1     1     0     8    0
pgrppl      48       23    0       13     1     0     1     1     0     8    0
ucredpl     96      508    0      501     1     0     1     1     0     8    0
zombiepl   144      657    0      657     1     0     1     1     0     8    1
processpl  896      686    0      657     4     0     4     4     0     8    0
procpl     648     1305    0     1268     4     0     4     4     0     8    0
sosppl     144        8    0        8     2     2     0     1     0     8    0
sockpl     384     1969    0     1951    14     7     7    11     0     8    5
mcl64k     65536     82    0       82     1     0     1     1     0     8    1
mcl16k     16384      7    0        7     2     1     1     1     0     8    1
mcl12k     12288     29    0       29     1     0     1     1     0     8    1
mcl9k      9216      10    0       10     2     1     1     1     0     8    1
mcl8k      8192      15    0       15     2     1     1     1     0     8    1
mcl4k      4096      65    0       65     2     1     1     1     0     8    1
mcl2k2     2112       2    0        2     2     2     0     1     0     8    0
mcl2k      2048   70950    0    70920    15    10     5    12     0     8    1
mtagpl      80       55    0       45     2     1     1     1     0     8    0
mbufpl     256   117925    0   117799    33    13    20    23     0     8    8
bufpl      256     8059    0     3153   307     0   307   307     0     8    0
anonpl      16   105129    0    86762   100    10    90    98     0    62    6
amapchunkpl 152    3836    0     3688    22    11    11    20     0   158    3
amappl16   192     4373    0     3213    81    19    62    70     0     8    3
amappl15   184      206    0      204     1     0     1     1     0     8    0
amappl14   176       64    0       59     1     0     1     1     0     8    0
amappl13   168        1    0        1     1     1     0     1     0     8    0
amappl12   160        7    0        6     1     0     1     1     0     8    0
amappl11   152      265    0      253     1     0     1     1     0     8    0
amappl10   144        9    0        8     1     0     1     1     0     8    0
amappl9    136      609    0      605     1     0     1     1     0     8    0
amappl8    128      202    0      175     2     0     2     2     0     8    0
amappl7    120       52    0       44     1     0     1     1     0     8    0
amappl6    112      273    0      262     1     0     1     1     0     8    0
amappl5    104      168    0      157     1     0     1     1     0     8    0
amappl4     96      889    0      861     1     0     1     1     0     8    0
amappl3     88      141    0      135     1     0     1     1     0     8    0
amappl2     80     4663    0     4596     3     1     2     3     0     8    0
amappl1     72    21689    0    21287    27    18     9    20     0     8    0
amappl      80     1572    0     1527     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       44    0        4     1     0     1     1     0     8    0
uaddrrnd    24      675    0      657     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      675    0      657     1     0     1     1     0     8    0
vmmpekpl   168     8751    0     8725     2     0     2     2     0     8    0
vmmpepl    168    91403    0    89184   186    37   149   180     0   357   48
vmsppl     272      670    0      657     2     1     1     2     0     8    0
pdppl      4096    1356    0     1318     6     1     5     6     0     8    0
pvpl        32   288760    0   267331   229    19   210   229     0   265   18
pmappl     200      674    0      657     1     0     1     1     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      477    0       31    13     0    13    13     0     8    0

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/11/27 08:14 openbsd 9d3278277eb2 1048481f .config console log report ci-openbsd-main
2019/11/27 02:17 openbsd 9d3278277eb2 1048481f .config console log report ci-openbsd-main
2019/11/25 12:07 openbsd d70f219138ae 371caf77 .config console log report ci-openbsd-main
2019/11/22 17:12 openbsd 2919d9e0cbdc e89749ef .config console log report ci-openbsd-multicore
2019/11/04 07:17 openbsd 78d89173dc7d b35fad31 .config console log report ci-openbsd-main
2019/10/17 00:56 openbsd 1ef0822a19b5 8c88c9c1 .config console log report ci-openbsd-multicore
2019/10/08 11:33 openbsd 0767cd885e7f 64612bfd .config console log report ci-openbsd-main