panic: attempt to execute user address 0x0 in supervisor mode Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *262942 72007 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff800016814d90) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800014b38000,fffffd802f9894e8,10,ffff80000005b910,ffff800016814ff8) at alltraps_kern_meltdown+0x7b 0(b,ffff800016814f58,83,ffff800016814ff8,0,b) at 0 rt_match(fffffd8036ff7a58,fffffd8034b4c4dc,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8036ff7a58,fffffd8034b4c4dc,1,0) at rt_match+0xbe sys/net/route.c:242 ip_output(fffffd8034b4c400,fffffd8034b4ca00,fffffd8036ff7a48,20,0,fffffd8036ff79d8) at ip_output+0x4d2 sys/netinet/ip_output.c:204 rip_output(fffffd8034b4c400,fffffd803d530798,ffff800016815208,ffff800014b38000) at rip_output+0x22b sys/netinet/raw_ip.c:289 rip_usrreq(fffffd803d530798,9,fffffd8034b4c400,0,0,ffff8000ffff2018) at rip_usrreq+0x46a sys/netinet/raw_ip.c:538 sosend(fffffd803d530798,0,ffff800016815418,0,0,0) at sosend+0x63d sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff2018,3,ffff800016815418,0,ffff800016815500) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff2018,ffff8000168154b8,ffff800016815500) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800016815580) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 end trace frame: 0xffff800016815600, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic attempt to execute user address 0x0 in supervisor mode ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff800016814d90) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800014b38000,fffffd802f9894e8,10,ffff80000005b910,ffff800016814ff8) at alltraps_kern_meltdown+0x7b 0(b,ffff800016814f58,83,ffff800016814ff8,0,b) at 0 rt_match(fffffd8036ff7a58,fffffd8034b4c4dc,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8036ff7a58,fffffd8034b4c4dc,1,0) at rt_match+0xbe sys/net/route.c:242 ip_output(fffffd8034b4c400,fffffd8034b4ca00,fffffd8036ff7a48,20,0,fffffd8036ff79d8) at ip_output+0x4d2 sys/netinet/ip_output.c:204 rip_output(fffffd8034b4c400,fffffd803d530798,ffff800016815208,ffff800014b38000) at rip_output+0x22b sys/netinet/raw_ip.c:289 rip_usrreq(fffffd803d530798,9,fffffd8034b4c400,0,0,ffff8000ffff2018) at rip_usrreq+0x46a sys/netinet/raw_ip.c:538 sosend(fffffd803d530798,0,ffff800016815418,0,0,0) at sosend+0x63d sys/kern/uipc_socket.c:524 dofilewritev(ffff8000ffff2018,3,ffff800016815418,0,ffff800016815500) at dofilewritev+0x1ac sys/kern/sys_generic.c:364 sys_write(ffff8000ffff2018,ffff8000168154b8,ffff800016815500) at sys_write+0x83 sys/kern/sys_generic.c:284 syscall(ffff800016815580) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,c,0,3,9ffe7bab010) at Xsyscall+0x128 end of kernel end trace frame: 0xa01f249ae50, count: -15 ddb> show registers rdi 0xffffffff81b6c3e7 db_enter+0x17 rsi 0x2281 __ALIGN_SIZE+0x1281 rbp 0xffff800016814c00 rbx 0xffff800016814cb0 rdx 0x2282 __ALIGN_SIZE+0x1282 rcx 0xffff800014b38000 rax 0xffff800014b38000 r8 0xffff800016814bc0 r9 0x1 r10 0xffff800000a65600 r11 0x25b592ea59369ed0 r12 0x3000000008 r13 0xffff800016814c10 r14 0x100 r15 0x1 rip 0xffffffff81b6c3e8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800016814bf0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=262942 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff38c8,0xffffffff82574e70 process=0xffff8000ffff6010 user=0xffff800016810000, vmspace=0xfffffd803f014000 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 72007 75891 43806 0 2 0 syz-executor.1 *72007 262942 43806 0 7 0x4000000 syz-executor.1 43806 117491 49263 0 3 0x82 nanosleep syz-executor.1 15688 478409 49263 0 3 0x82 nanosleep syz-executor.0 97961 311197 0 0 3 0x14200 acct acct 87311 305987 0 0 3 0x14200 bored sosplice 49263 365536 54070 0 3 0x82 thrsleep syz-fuzzer 49263 516786 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 145500 54070 0 3 0x4000082 kqread syz-fuzzer 49263 442038 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 80681 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 396529 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 275990 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 421644 54070 0 3 0x4000082 thrsleep syz-fuzzer 49263 305023 54070 0 3 0x4000082 thrsleep syz-fuzzer 54070 355274 31093 0 3 0x10008a pause ksh 31093 193101 4772 0 3 0x92 select sshd 29124 135906 1 0 3 0x100083 ttyin getty 4772 419351 1 0 3 0x80 select sshd 96871 222619 44471 73 3 0x100090 kqread syslogd 44471 395649 1 0 3 0x100082 netio syslogd 50794 169448 0 0 2 0x14200 zerothread 52824 175902 0 0 3 0x14200 aiodoned aiodoned 73780 374725 0 0 3 0x14200 syncer update 7783 292647 0 0 3 0x14200 cleaner cleaner 2934 423408 0 0 3 0x14200 reaper reaper 12437 153811 0 0 3 0x14200 pgdaemon pagedaemon 506 163327 0 0 3 0x14200 bored crynlk 1994 345069 0 0 3 0x14200 bored crypto 35440 339302 0 0 3 0x40014200 acpi0 acpi0 29665 497192 0 0 3 0x14200 bored softnet 61779 9552 0 0 3 0x14200 bored systqmp 79423 119934 0 0 3 0x14200 bored systq 50144 301955 0 0 3 0x40014200 bored softclock 49862 252207 0 0 3 0x40014200 idle0 71094 302454 0 0 3 0x14200 bored smr 1 157760 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9622 6995K 8216K 78643K 51418 0 0 pcb 13 12K 14K 78643K 3049 0 0 rtable 179 16K 17K 78643K 7015 0 0 ifaddr 128 35K 42K 78643K 2640 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 1181 0 0 iov 0 0K 40K 78643K 8884 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1211 76K 77K 78643K 14085 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 164 0 0 VM map 114 28K 28K 78643K 165 0 0 sem 12 0K 0K 78643K 6894 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 20379 0 0 sigio 0 0K 0K 78643K 251 0 0 proc 45 30K 55K 78643K 4353 0 0 subproc 32 2K 2K 78643K 1262 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1566 0 0 in_multi 39 2K 3K 78643K 1233 0 0 ether_multi 1 0K 0K 78643K 101 0 0 mrt 2 0K 0K 78643K 77 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 150 662K 662K 78643K 150 0 0 exec 0 0K 1K 78643K 2221 0 0 pfkey data 0 0K 0K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 274 671K 671K 78643K 49190 0 0 UVM aobj 130 4K 4K 78643K 140 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 4170 0 0 NDP 26 0K 1K 78643K 800 0 0 temp 268 3545K 4185K 78643K 489749 0 0 kqueue 0 0K 0K 78643K 147 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 187 0 183 1 0 1 1 0 8 0 rtpcb 80 2921 0 2921 11 10 1 1 0 8 1 rtentry 112 1223 0 1153 4 1 3 3 0 8 0 unpcb 120 32663 0 32646 58 56 2 3 0 8 1 syncache 264 110 0 110 39 38 1 1 0 8 1 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 162 0 162 21 21 0 1 0 8 0 tcpcb 544 6973 0 6969 50 49 1 15 0 8 0 ipq 40 160 0 160 43 43 0 1 0 8 0 ipqe 40 4226 0 4226 43 43 0 1 0 8 0 inpcb 280 21623 0 21618 128 122 6 13 0 8 5 rttmr 72 24 0 24 10 9 1 1 0 8 1 ip6q 72 9 0 9 6 6 0 1 0 8 0 ip6af 40 15 0 15 4 4 0 1 0 8 0 nd6 48 167 0 165 6 5 1 1 0 8 0 pkpcb 40 36 0 36 13 13 0 1 0 8 0 swfcl 56 6 0 0 1 0 1 1 0 8 0 ppxss 1128 428 0 428 51 51 0 1 0 8 0 art_heap8 4096 50 0 44 28 22 6 7 0 8 0 art_heap4 256 5298 0 4996 53 30 23 25 0 8 0 art_table 32 5348 0 5040 4 1 3 4 0 8 0 art_node 16 1220 0 1161 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 26 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 6886 0 6876 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 30549 0 29089 48 0 48 48 0 8 0 ffsino 240 30549 0 29089 86 0 86 86 0 8 0 nchpl 144 58771 0 58273 60 40 20 60 0 8 0 uvmvnodes 72 9204 0 0 168 0 168 168 0 8 0 vnodes 208 9204 0 0 485 0 485 485 0 8 0 namei 1024 209578 0 209578 10 9 1 1 0 8 1 vcpupl 1984 112 0 0 14 0 14 14 0 8 0 vmpool 520 163 0 51 11 3 8 8 0 8 0 scsiplug 64 10 0 10 7 7 0 1 0 8 0 scxspl 192 204018 0 204018 62 60 2 7 0 8 2 plimitpl 152 1133 0 1127 1 0 1 1 0 8 0 sigapl 432 20333 0 20321 2 0 2 2 0 8 0 futexpl 56 526691 0 526691 12 11 1 1 0 8 1 knotepl 112 4448 0 4429 7 6 1 3 0 8 0 kqueuepl 104 5062 0 5060 7 6 1 4 0 8 0 pipepl 112 11100 0 11081 22 20 2 2 0 8 1 fdescpl 424 20334 0 20321 2 0 2 2 0 8 0 filepl 120 167811 0 167720 94 87 7 11 0 8 4 lockfpl 104 15851 0 15851 7 6 1 2 0 8 1 lockfspl 48 4266 0 4266 6 5 1 1 0 8 1 sessionpl 112 89 0 81 1 0 1 1 0 8 0 pgrppl 48 382 0 374 1 0 1 1 0 8 0 ucredpl 96 15775 0 15768 1 0 1 1 0 8 0 zombiepl 144 20325 0 20324 2 1 1 1 0 8 0 processpl 864 20353 0 20324 4 0 4 4 0 8 0 procpl 632 44388 0 44350 9 5 4 5 0 8 0 sosppl 128 209 0 209 52 51 1 1 0 8 1 sockpl 384 57448 0 57426 199 190 9 22 0 8 5 mcl64k 65536 2362 0 2362 160 159 1 33 0 8 1 mcl16k 16384 188 0 188 58 57 1 1 0 8 1 mcl12k 12288 438 0 438 45 44 1 1 0 8 1 mcl9k 9216 226 0 226 59 58 1 1 0 8 1 mcl8k 8192 679 0 679 31 30 1 1 0 8 1 mcl4k 4096 2417 0 2417 12 11 1 1 0 8 1 mcl2k2 2112 138 0 138 60 59 1 1 0 8 1 mcl2k 2048 100062 0 100016 48 41 7 15 0 8 0 mtagpl 80 589 0 587 15 14 1 1 0 8 0 mbufpl 256 322525 0 322438 490 473 17 40 0 8 5 bufpl 256 61840 0 52563 585 4 581 581 0 8 0 anonpl 16 2094107 0 2068657 485 375 110 116 0 62 1 amapchunkpl 152 93481 0 93301 236 228 8 21 0 158 0 amappl16 192 119280 0 117804 461 382 79 84 0 8 0 amappl15 184 4397 0 4396 1 0 1 1 0 8 0 amappl14 176 2554 0 2548 1 0 1 1 0 8 0 amappl13 168 1351 0 1350 1 0 1 1 0 8 0 amappl12 160 3454 0 3452 12 11 1 1 0 8 0 amappl11 152 4901 0 4897 1 0 1 1 0 8 0 amappl10 144 999 0 997 1 0 1 1 0 8 0 amappl9 136 4697 0 4694 1 0 1 1 0 8 0 amappl8 128 4283 0 4204 3 0 3 3 0 8 0 amappl7 120 1284 0 1275 1 0 1 1 0 8 0 amappl6 112 4702 0 4680 1 0 1 1 0 8 0 amappl5 104 4277 0 4267 1 0 1 1 0 8 0 amappl4 96 18699 0 18672 1 0 1 1 0 8 0 amappl3 88 4956 0 4947 1 0 1 1 0 8 0 amappl2 80 159942 0 159851 3 1 2 3 0 8 0 amappl1 72 364097 0 363700 26 16 10 20 0 8 0 amappl 80 45945 0 45857 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 139 0 10 3 0 3 3 0 8 0 uaddrrnd 24 20497 0 20321 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 20497 0 20321 2 0 2 2 0 8 0 vmmpekpl 168 108115 0 108068 3 0 3 3 0 8 0 vmmpepl 168 2402593 0 2399449 1005 828 177 178 0 357 35 vmsppl 272 20333 0 20321 6 5 1 2 0 8 0 pdppl 4096 41000 0 40856 24 5 19 19 0 8 0 pvpl 32 6208799 0 6186068 1295 1033 262 327 0 265 71 pmappl 200 20496 0 20372 9 2 7 7 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1646 0 897 24 1 23 23 0 8 0