panic: attempt to execute user address 0x0 in supervisor mode
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
212281 64161 0 0 0 1 syz-executor.0
*336442 3717 0 0 0x4000000 0K syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x40b
kerntrap(ffff800021ba16a0) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff80002155a000,fffffd806216b318,10,ffff80000005b630,ffff800021ba1908) at alltraps_kern_meltdown+0x7b
0(b,ffff800021ba1868,83,ffff800021ba1908,0,b) at 0
rt_clone(ffff800021ba1978,fffffd806f6cfb70,0) at rt_clone+0x78 sys/net/route.c:266
rtalloc_mpath(fffffd806f6cfb70,0,0) at rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline]
rtalloc_mpath(fffffd806f6cfb70,0,0) at rtalloc_mpath+0xba sys/net/route.c:359
in_pcbselsrc(ffff800021ba1a50,fffffd80681f9c20,fffffd806f6cfaf0) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd806f6cfaf0,fffffd80681f9c00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd806f6d0600,4,0,fffffd80681f9c00,0,ffff800020acea00) at udp_usrreq+0x560
sys_connect(ffff800020acea00,ffff800021ba1bd8,ffff800021ba1c20) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800021ba1ca0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021ba1ca0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,2f1dbc21010) at Xsyscall+0x128
end of kernel
end trace frame: 0x2f4aef4ea80, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
attempt to execute user address 0x0 in supervisor mode
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x40b
kerntrap(ffff800021ba16a0) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff80002155a000,fffffd806216b318,10,ffff80000005b630,ffff800021ba1908) at alltraps_kern_meltdown+0x7b
0(b,ffff800021ba1868,83,ffff800021ba1908,0,b) at 0
rt_clone(ffff800021ba1978,fffffd806f6cfb70,0) at rt_clone+0x78 sys/net/route.c:266
rtalloc_mpath(fffffd806f6cfb70,0,0) at rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline]
rtalloc_mpath(fffffd806f6cfb70,0,0) at rtalloc_mpath+0xba sys/net/route.c:359
in_pcbselsrc(ffff800021ba1a50,fffffd80681f9c20,fffffd806f6cfaf0) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd806f6cfaf0,fffffd80681f9c00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd806f6d0600,4,0,fffffd80681f9c00,0,ffff800020acea00) at udp_usrreq+0x560
sys_connect(ffff800020acea00,ffff800021ba1bd8,ffff800021ba1c20) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800021ba1ca0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021ba1ca0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,2f1dbc21010) at Xsyscall+0x128
end of kernel
end trace frame: 0x2f4aef4ea80, count: -14
ddb{0}> show registers
rdi 0xffffffff8163efc7 db_enter+0x17
rsi 0x2c0c __ALIGN_SIZE+0x1c0c
rbp 0xffff800021ba1510
rbx 0xffff800021ba15c0
rdx 0x2c0d __ALIGN_SIZE+0x1c0d
rcx 0xffff80002155a000
rax 0xffff80002155a000
r8 0xffffffff8178440f kprintf+0x16f
r9 0x1
r10 0x25
r11 0xfe9a9460b71fc525
r12 0x3000000008
r13 0xffff800021ba1520
r14 0x100
r15 0x1
rip 0xffffffff8163efc8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021ba1500
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC
(syz-executor.1) pid=336442 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800020acf168,0xffff800020acef00 process=0xffff800020a8b190 user=0xffff800021b9c000, vmspace=0xfffffd807f00a2e0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 64161 212281 98506 0 7 0 syz-executor.0 3717 85786 64866 0 2 0 syz-executor.1 * 3717 336442 64866 0 7 0x4000000 syz-executor.1 98506 515213 2898 0 3 0x82 nanosleep syz-executor.0 64866 464013 2898 0 3 0x82 nanosleep syz-executor.1 34667 478778 1 0 3 0x100083 ttyin getty 57451 296736 0 0 3 0x14200 bored sosplice 2898 234227 39565 0 3 0x82 thrsleep syz-fuzzer 2898 312436 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 437569 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 336848 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 322288 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 443730 39565 0 3 0x4000082 kqread syz-fuzzer 2898 55921 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 457010 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 395204 39565 0 3 0x4000082 thrsleep syz-fuzzer 2898 497816 39565 0 3 0x4000082 thrsleep syz-fuzzer 39565 496743 10762 0 3 0x10008a pause ksh 10762 151150 67815 0 3 0x92 select sshd 67815 217732 1 0 3 0x80 select sshd 78381 201888 3764 74 3 0x100092 bpf pflogd 3764 422202 1 0 3 0x80 netio pflogd 18473 160063 96877 73 3 0x100090 kqread syslogd 96877 4722 1 0 3 0x100082 netio syslogd 50593 150495 0 0 2 0x14200 zerothread 86476 196018 0 0 3 0x14200 aiodoned aiodoned 68073 120986 0 0 3 0x14200 syncer update 76146 478943 0 0 3 0x14200 cleaner cleaner 23580 268912 0 0 3 0x14200 reaper reaper 98518 8948 0 0 3 0x14200 pgdaemon pagedaemon 26698 196943 0 0 3 0x14200 bored crynlk 54393 448382 0 0 3 0x14200 bored crypto 60414 348094 0 0 3 0x40014200 acpi0 acpi0 92003 307673 0 0 3 0x40014200 idle1 93459 326373 0 0 3 0x14200 bored softnet 35488 77876 0 0 3 0x14200 bored systqmp 52926 207591 0 0 3 0x14200 bored systq 79280 
284419 0 0 3 0x40014200 bored softclock 24683 78499 0 0 3 0x40014200 idle0 1730 406161 0 0 3 0x14200 bored smr 1 31847 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 3717 (syz-executor.1) thread 0xffff800020acea00 (336442) exclusive rwlock netlock r = 0 (0xffffffff824d4548) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 uvn_io+0x3b2 sys/uvm/uvm_vnode.c:1206 #2 uvn_get+0x226 sys/uvm/uvm_vnode.c:1049 #3 uvm_fault+0x11cc sys/uvm/uvm_fault.c:1023 #4 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199 #5 kerntrap+0xec sys/arch/amd64/amd64/trap.c:287 #6 alltraps_kern_meltdown+0x7b #7 copyin+0x4b #8 sys_connect+0x9c sys/kern/uipc_syscalls.c:367 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #10 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 2 (0xffffffff82677638) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9591 6440K 7385K 78643K 15443 0 0 pcb 13 10K 12K 78643K 492 0 0 rtable 133 14K 14K 78643K 1034 0 0 ifaddr 96 20K 20K 78643K 519 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1581 0 0 iov 0 0K 32K 78643K 543 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1216 76K 77K 78643K 3207 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 36 0 0 VM map 13 6K 7K 78643K 27 0 0 sem 12 0K 0K 78643K 674 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 2236 0 0 sigio 0 0K 0K 78643K 43 0 0 proc 57 51K 83K 78643K 1272 0 0 subproc 32 2K 2K 78643K 289 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 224 0 0 in_multi 37 2K 2K 78643K 312 0 0 ether_multi 1 0K 0K 78643K 27 0 0 mrt 0 0K 0K 78643K 11 0 0 ISOFS mount 1 32K 
32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 675 0 0 pfkey data 0 0K 1K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 153 109K 109K 78643K 8902 0 0 UVM aobj 130 8K 8K 78643K 130 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 463 0 0 NDP 21 0K 0K 78643K 157 0 0 temp 214 3556K 4196K 78643K 71220 0 0 kqueue 0 0K 0K 78643K 11 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 60 0 53 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 213 0 213 2 1 1 1 0 8 1 rtentry 112 290 0 241 2 0 2 2 0 8 0 unpcb 120 8370 0 8359 11 9 2 3 0 8 1 syncache 264 14 0 14 6 6 0 1 0 8 0 tcpqe 32 561 0 561 5 5 0 2 0 8 0 tcpcb 544 1487 0 1483 37 31 6 14 0 8 5 inpcb 280 3668 0 3663 33 27 6 9 0 8 5 rttmr 72 5 0 4 1 0 1 1 0 8 0 nd6 48 36 0 33 1 0 1 1 0 8 0 pkpcb 40 13 0 13 4 4 0 1 0 8 0 ppxss 1128 65 0 65 9 8 1 1 0 8 1 pffrag 232 46 0 46 13 12 1 1 0 482 1 pffrnode 88 46 0 46 13 12 1 1 0 8 1 pffrent 40 1725 0 1725 13 12 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 198 0 131 1 0 1 1 0 8 0 pfstkey 112 198 0 131 2 0 2 2 0 8 0 pfstate 328 198 0 131 6 0 6 6 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1154 0 908 24 7 17 18 0 8 0 art_table 32 1156 0 908 3 0 3 3 0 8 0 art_node 16 285 0 239 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 5 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 672 0 662 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4740 0 3329 46 0 46 46 0 8 0 ffsino 272 4740 0 3329 95 0 95 95 0 8 0 nchpl 144 8108 0 7661 61 41 20 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 26998 0 26998 2 1 1 1 0 8 1 percpumem 16 30 
0 0 1 0 1 1 0 8 0 vcpupl 1984 11 0 0 2 0 2 2 0 8 0 vmpool 552 25 0 14 1 0 1 1 0 8 0 scsiplug 64 3 0 3 3 3 0 1 0 8 0 scxspl 192 26478 0 26478 25 24 1 7 0 8 1 plimitpl 152 218 0 211 1 0 1 1 0 8 0 sigapl 432 2391 0 2377 3 1 2 3 0 8 0 futexpl 56 60949 0 60949 1 0 1 1 0 8 1 knotepl 112 1711 0 1692 4 3 1 2 0 8 0 kqueuepl 104 2969 0 2967 10 9 1 4 0 8 0 pipepl 112 1484 0 1463 2 1 1 2 0 8 0 fdescpl 488 2392 0 2377 3 0 3 3 0 8 0 filepl 152 27387 0 27290 43 34 9 14 0 8 5 lockfpl 104 798 0 798 1 0 1 1 0 8 1 lockfspl 48 256 0 256 1 0 1 1 0 8 1 sessionpl 112 35 0 26 1 0 1 1 0 8 0 pgrppl 48 59 0 50 1 0 1 1 0 8 0 ucredpl 96 2585 0 2577 1 0 1 1 0 8 0 zombiepl 144 2378 0 2378 1 0 1 1 0 8 1 processpl 896 2409 0 2378 4 0 4 4 0 8 0 procpl 632 7353 0 7312 5 0 5 5 0 8 0 srpgc 64 22 0 22 9 8 1 1 0 8 1 sosppl 128 62 0 62 10 9 1 1 0 8 1 sockpl 384 12289 0 12273 53 46 7 14 0 8 5 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 18 0 0 2 0 2 2 0 8 0 mcl9k 9216 14 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 16 0 0 2 0 2 2 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 231 0 0 28 0 28 28 0 8 0 mtagpl 80 25 0 0 1 0 1 1 0 8 0 mbufpl 256 676 0 0 29 0 29 29 0 8 0 bufpl 256 15105 0 8047 442 0 442 442 0 8 0 anonpl 16 293206 0 273530 126 27 99 109 0 124 0 amapchunkpl 152 17007 0 16855 34 26 8 14 0 158 0 amappl16 192 11672 0 10265 114 40 74 83 0 8 3 amappl15 184 700 0 697 1 0 1 1 0 8 0 amappl14 176 831 0 825 1 0 1 1 0 8 0 amappl13 168 9 0 9 2 2 0 1 0 8 0 amappl12 160 520 0 517 1 0 1 1 0 8 0 amappl11 152 263 0 255 1 0 1 1 0 8 0 amappl10 144 114 0 105 1 0 1 1 0 8 0 amappl9 136 905 0 902 1 0 1 1 0 8 0 amappl8 128 508 0 458 2 0 2 2 0 8 0 amappl7 120 219 0 207 1 0 1 1 0 8 0 amappl6 112 222 0 203 1 0 1 1 0 8 0 amappl5 104 769 0 758 1 0 1 1 0 8 0 amappl4 96 2384 0 2353 1 0 1 1 0 8 0 amappl3 88 939 0 932 1 0 1 1 0 8 0 amappl2 80 17635 0 17565 3 1 2 3 0 8 0 amappl1 72 64343 0 63925 25 14 11 20 0 8 0 amappl 80 7873 0 7821 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 
0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 2417 0 2377 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2417 0 2377 1 0 1 1 0 8 0 vmmpekpl 168 24205 0 24169 3 1 2 3 0 8 0 vmmpepl 168 315558 0 312943 271 102 169 169 0 357 51 vmsppl 368 2391 0 2377 2 0 2 2 0 8 0 pdppl 4096 4841 0 4793 8 1 7 7 0 8 0 pvpl 32 814554 0 791662 307 83 224 253 0 265 0 pmappl 232 2416 0 2391 3 1 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 685 0 44 19 0 19 19 0 8 0