panic: attempt to execute user address 0x0 in supervisor mode
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*222764 94254 0 0 0x4000000 0 syz-executor.0
210377 17214 0 0x2 0 1 syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x40b
kerntrap(ffff800022d6d630) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff800023788000,fffffd80660d2938,10,ffff8000000250d0,ffff800022d6d898) at alltraps_kern_meltdown+0x7b
0(b,ffff800022d6d7f8,83,ffff800022d6d898,0,b) at 0
rt_clone(ffff800022d6d908,fffffd806f6d3eb8,0) at rt_clone+0x78 sys/net/route.c:266
rtalloc_mpath(fffffd806f6d3eb8,0,0) at rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline]
rtalloc_mpath(fffffd806f6d3eb8,0,0) at rtalloc_mpath+0xba sys/net/route.c:359
in_pcbselsrc(ffff800022d6d9e0,fffffd806d352320,fffffd806f6d3e38) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd806f6d3e38,fffffd806d352300) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd8068795958,4,0,fffffd806d352300,0,ffff800020acf8d0) at udp_usrreq+0x560
sys_connect(ffff800020acf8d0,ffff800022d6db68,ffff800022d6dbb0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800022d6dc30) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800022d6dc30) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,85d05b74010) at Xsyscall+0x128
end of kernel
end trace frame: 0x85ff5775c50, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
attempt to execute user address 0x0 in supervisor mode
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x40b
kerntrap(ffff800022d6d630) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff800023788000,fffffd80660d2938,10,ffff8000000250d0,ffff800022d6d898) at alltraps_kern_meltdown+0x7b
0(b,ffff800022d6d7f8,83,ffff800022d6d898,0,b) at 0
rt_clone(ffff800022d6d908,fffffd806f6d3eb8,0) at rt_clone+0x78 sys/net/route.c:266
rtalloc_mpath(fffffd806f6d3eb8,0,0) at rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline]
rtalloc_mpath(fffffd806f6d3eb8,0,0) at rtalloc_mpath+0xba sys/net/route.c:359
in_pcbselsrc(ffff800022d6d9e0,fffffd806d352320,fffffd806f6d3e38) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd806f6d3e38,fffffd806d352300) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd8068795958,4,0,fffffd806d352300,0,ffff800020acf8d0) at udp_usrreq+0x560
sys_connect(ffff800020acf8d0,ffff800022d6db68,ffff800022d6dbb0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800022d6dc30) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800022d6dc30) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,85d05b74010) at Xsyscall+0x128
end of kernel
end trace frame: 0x85ff5775c50, count: -14
ddb{0}> show registers
rdi 0xffffffff8120a007 db_enter+0x17
rsi 0x25af __ALIGN_SIZE+0x15af
rbp 0xffff800022d6d4a0
rbx 0xffff800022d6d550
rdx 0x25b0 __ALIGN_SIZE+0x15b0
rcx 0xffff800023788000
rax 0xffff800023788000
r8 0xffffffff8133d93f kprintf+0x16f
r9 0x1
r10 0x25
r11 0x8e86a6be29d47cc4
r12 0x3000000008
r13 0xffff800022d6d4b0
r14 0x100
r15 0x1
rip 0xffffffff8120a008 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800022d6d490
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC 
(syz-executor.0) pid=222764 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800020ace788,0xffffffff82644f88 process=0xffff800020adc000 user=0xffff800022d68000, vmspace=0xfffffd807f00a450 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 94254 245190 66787 0 2 0 syz-executor.0 *94254 222764 66787 0 7 0x4000000 syz-executor.0 87677 141811 45576 0 3 0x80 nanosleep syz-executor.1 87677 335160 45576 0 3 0x4000080 select syz-executor.1 87677 299679 45576 0 3 0x4000080 fsleep syz-executor.1 66787 265459 17214 0 2 0x482 syz-executor.0 45576 358354 17214 0 2 0x482 syz-executor.1 9766 380871 1 0 3 0x100083 ttyin getty 21031 215838 0 0 3 0x14200 acct acct 85292 416018 0 0 3 0x14200 bored sosplice 17214 210377 21324 0 7 0x2 syz-fuzzer 17214 510682 21324 0 3 0x4000082 nanosleep syz-fuzzer 17214 444706 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 97088 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 8580 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 101941 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 303616 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 125094 21324 0 3 0x4000082 kqread syz-fuzzer 17214 8985 21324 0 3 0x4000082 thrsleep syz-fuzzer 17214 481946 21324 0 3 0x4000082 thrsleep syz-fuzzer 21324 168565 96091 0 3 0x10008a pause ksh 96091 127824 78775 0 3 0x92 select sshd 78775 278366 1 0 3 0x80 select sshd 20291 365644 59724 74 3 0x100092 bpf pflogd 59724 292671 1 0 3 0x80 netio pflogd 11274 65456 84694 73 3 0x100090 kqread syslogd 84694 74014 1 0 3 0x100082 netio syslogd 58280 134167 1 77 3 0x100090 poll dhclient 73655 14087 1 0 3 0x80 poll dhclient 34920 284957 0 0 3 0x14200 pgzero zerothread 59843 58438 0 0 3 0x14200 aiodoned aiodoned 93249 211606 0 0 3 0x14200 syncer update 98551 428767 0 0 3 0x14200 cleaner cleaner 2870 342482 0 0 3 0x14200 reaper reaper 59715 335752 0 0 3 0x14200 pgdaemon pagedaemon 36967 296217 0 0 3 0x14200 bored crynlk 18753 113222 0 0 3 
0x14200 bored crypto 40487 56728 0 0 3 0x40014200 acpi0 acpi0 79298 193621 0 0 3 0x40014200 idle1 38375 57308 0 0 3 0x14200 bored softnet 51796 157004 0 0 3 0x14200 bored systqmp 10673 170703 0 0 3 0x14200 bored systq 29785 462832 0 0 2 0x40014200 softclock 65046 350742 0 0 3 0x40014200 idle0 93599 36607 0 0 3 0x14200 bored smr 1 113856 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 94254 (syz-executor.0) thread 0xffff800020acf8d0 (222764) exclusive rwlock netlock r = 0 (0xffffffff824c7128) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 uvn_io+0x3b2 sys/uvm/uvm_vnode.c:1206 #2 uvn_get+0x226 sys/uvm/uvm_vnode.c:1049 #3 uvm_fault+0x11cc sys/uvm/uvm_fault.c:1023 #4 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199 #5 kerntrap+0xec sys/arch/amd64/amd64/trap.c:287 #6 alltraps_kern_meltdown+0x7b #7 copyin+0x4b #8 sys_connect+0x9c sys/kern/uipc_syscalls.c:367 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #10 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 2 (0xffffffff8266e8b8) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9592 6449K 7386K 78643K 15663 0 0 pcb 14 8K 8K 78643K 258 0 0 rtable 118 13K 13K 78643K 1308 0 0 ifaddr 90 18K 19K 78643K 389 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 2454 0 0 iov 0 0K 32K 78643K 292 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 2904 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 22 0 0 VM map 2 1K 1K 78643K 10 0 0 sem 12 0K 1K 78643K 259 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 6 17K 25K 78643K 1643 0 0 sigio 0 0K 0K 78643K 18 0 0 proc 61 63K 95K 78643K 1055 0 0 subproc 32 2K 2K 78643K 221 
0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 103 0 0 in_multi 30 2K 2K 78643K 163 0 0 ether_multi 1 0K 0K 78643K 3 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 557 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 116 22K 31K 78643K 6647 0 0 UVM aobj 92 5K 6K 78643K 94 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 2 0K 0K 78643K 260 0 0 NDP 21 0K 0K 78643K 121 0 0 temp 236 3557K 3633K 78643K 45226 0 0 kqueue 0 0K 0K 78643K 9 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 55 0 48 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 112 0 110 1 0 1 1 0 8 0 rtentry 112 219 0 175 2 0 2 2 0 8 0 unpcb 120 1752 0 1738 1 0 1 1 0 8 0 syncache 264 9 0 9 4 3 1 1 0 8 1 tcpqe 32 5503 0 5503 2 2 0 2 0 8 0 tcpcb 544 539 0 535 7 4 3 3 0 8 2 inpcb 280 2586 0 2577 9 6 3 4 0 8 2 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 24 0 21 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1128 40 0 40 7 6 1 1 0 8 1 pffrag 232 13 0 13 4 4 0 1 0 482 0 pffrnode 88 13 0 13 4 4 0 1 0 8 0 pffrent 40 30 0 30 4 4 0 1 0 8 0 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfstitem 24 93 0 65 1 0 1 1 0 8 0 pfstkey 112 93 0 65 2 0 2 2 0 8 0 pfstate 328 93 0 65 4 0 4 4 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 916 0 705 19 4 15 16 0 8 0 art_table 32 917 0 705 3 1 2 3 0 8 0 art_node 16 218 0 177 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 8 1 1 0 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 254 0 244 1 0 1 1 0 8 0 shmpl 112 92 0 2 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3851 0 2437 46 0 46 46 0 8 0 ffsino 272 3851 0 2437 95 0 95 95 0 8 
0 nchpl 144 6282 0 4670 61 0 61 61 0 8 0 uvmvnodes 72 5170 0 0 94 0 94 94 0 8 0 vnodes 208 5170 0 0 273 0 273 273 0 8 0 namei 1024 22608 0 22608 3 2 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vmpool 552 8 0 8 5 5 0 1 0 8 0 scsiplug 64 2 0 2 2 2 0 1 0 8 0 scxspl 192 20318 0 20318 20 19 1 7 0 8 1 plimitpl 152 171 0 163 1 0 1 1 0 8 0 sigapl 432 1811 0 1795 3 1 2 3 0 8 0 futexpl 56 40840 0 40839 1 0 1 1 0 8 0 knotepl 112 498 0 479 2 1 1 2 0 8 0 kqueuepl 104 441 0 439 2 1 1 2 0 8 0 pipepl 112 1156 0 1137 5 4 1 2 0 8 0 fdescpl 488 1812 0 1795 3 0 3 3 0 8 0 filepl 152 15605 0 15500 14 8 6 7 0 8 1 lockfpl 104 628 0 626 1 0 1 1 0 8 0 lockfspl 48 213 0 211 1 0 1 1 0 8 0 sessionpl 112 30 0 19 1 0 1 1 0 8 0 pgrppl 48 46 0 35 1 0 1 1 0 8 0 ucredpl 96 2116 0 2107 1 0 1 1 0 8 0 zombiepl 144 1795 0 1795 3 2 1 1 0 8 1 processpl 896 1829 0 1795 4 0 4 4 0 8 0 procpl 632 5338 0 5292 5 0 5 5 0 8 0 srpgc 64 24 0 24 5 4 1 1 0 8 1 sosppl 128 34 0 34 5 5 0 1 0 8 0 sockpl 384 4630 0 4605 18 12 6 7 0 8 3 mcl64k 65536 12 0 0 2 0 2 2 0 8 0 mcl16k 16384 14 0 0 2 0 2 2 0 8 0 mcl12k 12288 20 0 0 2 0 2 2 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 18 0 0 3 0 3 3 0 8 0 mcl4k 4096 12 0 0 2 0 2 2 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 220 0 0 25 0 25 25 0 8 0 mtagpl 80 36 0 0 1 0 1 1 0 8 0 mbufpl 256 299 0 0 16 1 15 15 0 8 0 bufpl 256 10841 0 3793 441 0 441 441 0 8 0 anonpl 16 215675 0 201608 113 41 72 80 0 124 7 amapchunkpl 152 12712 0 12572 32 21 11 20 0 158 4 amappl16 192 9762 0 8892 91 40 51 56 0 8 6 amappl15 184 59 0 59 1 1 0 1 0 8 0 amappl14 176 712 0 710 2 1 1 1 0 8 0 amappl13 168 10 0 9 1 0 1 1 0 8 0 amappl12 160 234 0 227 2 1 1 1 0 8 0 amappl11 152 247 0 232 1 0 1 1 0 8 0 amappl10 144 29 0 22 1 0 1 1 0 8 0 amappl9 136 817 0 811 1 0 1 1 0 8 0 amappl8 128 359 0 326 2 0 2 2 0 8 0 amappl7 120 97 0 88 1 0 1 1 0 8 0 amappl6 112 267 0 250 1 0 1 1 0 8 0 amappl5 104 455 0 439 1 0 1 1 0 8 0 amappl4 96 1938 0 1905 1 0 1 1 0 8 0 amappl3 88 479 0 473 1 0 1 1 0 8 0 amappl2 80 12917 0 12832 
3 1 2 3 0 8 0 amappl1 72 51387 0 50916 25 15 10 20 0 8 0 amappl 80 5781 0 5735 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 93 0 2 2 0 2 2 0 8 0 uaddrrnd 24 1820 0 1795 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1820 0 1795 1 0 1 1 0 8 0 vmmpekpl 168 18033 0 18000 2 0 2 2 0 8 0 vmmpepl 168 235204 0 233046 226 104 122 137 0 357 27 vmsppl 368 1811 0 1795 2 0 2 2 0 8 0 pdppl 4096 3647 0 3606 7 1 6 6 0 8 0 pvpl 32 623339 0 605956 275 93 182 190 0 265 23 pmappl 232 1819 0 1803 6 5 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 632 0 15 18 0 18 18 0 8 0