panic: attempt to execute user address 0x0 in supervisor mode
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*426273 87522 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x3eb
kerntrap(ffff8000159314d0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff800016b82000,fffffd802eb7baf8,10,ffff80000005b280,ffff800015931738) at alltraps_kern_meltdown+0x7b
0(b,ffff800015931698,83,ffff800015931738,0,b) at 0
rt_match(fffffd803701da58,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline]
rt_match(fffffd803701da58,0,1,0) at rt_match+0xbe sys/net/route.c:242
in_pcbselsrc(ffff800015931810,fffffd803c0d9420,fffffd803701d9d8) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd803701d9d8,fffffd803c0d9400) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd8027974ac0,4,0,fffffd803c0d9400,0,ffff8000149158c8) at udp_usrreq+0x560
sys_connect(ffff8000149158c8,ffff800015931998,ffff8000159319e0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800015931a60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,c62af5b9010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc650bb310b0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
attempt to execute user address 0x0 in supervisor mode
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x3eb
kerntrap(ffff8000159314d0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff800016b82000,fffffd802eb7baf8,10,ffff80000005b280,ffff800015931738) at alltraps_kern_meltdown+0x7b
0(b,ffff800015931698,83,ffff800015931738,0,b) at 0
rt_match(fffffd803701da58,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline]
rt_match(fffffd803701da58,0,1,0) at rt_match+0xbe sys/net/route.c:242
in_pcbselsrc(ffff800015931810,fffffd803c0d9420,fffffd803701d9d8) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd803701d9d8,fffffd803c0d9400) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd8027974ac0,4,0,fffffd803c0d9400,0,ffff8000149158c8) at udp_usrreq+0x560
sys_connect(ffff8000149158c8,ffff800015931998,ffff8000159319e0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800015931a60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,c62af5b9010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc650bb310b0, count: -13
ddb> show registers
rdi 0xffffffff812241d7 db_enter+0x17
rsi 0x2227 __ALIGN_SIZE+0x1227
rbp 0xffff800015931340
rbx 0xffff8000159313f0
rdx 0x2228 __ALIGN_SIZE+0x1228
rcx 0xffff800016b82000
rax 0xffff800016b82000
r8 0xffff800015931300
r9 0x1
r10 0xffff800000a58ec0
r11 0x6a3ab606f589e166
r12 0x3000000008
r13 0xffff800015931350
r14 0x100
r15 0x1
rip 0xffffffff812241d8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800015931330
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.1) pid=426273 stat=onproc
flags process=0 proc=4000000
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff8000149153d8,0xffffffff825686e0
process=0xffff8000ffff70f0 user=0xffff80001592c000, 
vmspace=0xfffffd803f013000
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
87522 132519 85587 0 2 0 syz-executor.1
*87522 426273 85587 0 7 0x4000000 syz-executor.1
57161 166898 34637 0 2 0 syz-executor.0
57161 294447 34637 0 3 0x4000000 physio syz-executor.0
34637 299607 31215 0 3 0x82 nanosleep syz-executor.0
85587 382933 31215 0 3 0x82 nanosleep syz-executor.1
84382 477089 0 0 3 0x14200 acct acct
72522 127346 1 0 3 0x100083 ttyin getty
21729 351333 0 0 3 0x14200 bored sosplice
31215 274455 21154 0 3 0x82 thrsleep syz-fuzzer
31215 512758 21154 0 3 0x4000082 thrsleep syz-fuzzer
31215 98155 21154 0 3 0x4000082 kqread syz-fuzzer
31215 88144 21154 0 3 0x4000082 thrsleep syz-fuzzer
31215 437404 21154 0 3 0x4000082 thrsleep syz-fuzzer
31215 169155 21154 0 3 0x4000082 thrsleep syz-fuzzer
31215 54907 21154 0 3 0x4000082 thrsleep syz-fuzzer
31215 72149 21154 0 3 0x4000082 thrsleep syz-fuzzer
21154 353199 81415 0 3 0x10008a pause ksh
81415 394632 86694 0 3 0x92 select sshd
86694 344762 1 0 3 0x80 select sshd
71773 27955 8216 73 3 0x100090 kqread syslogd
8216 388423 1 0 3 0x100082 netio syslogd
69376 60852 1 77 3 0x100090 poll dhclient
50174 519191 1 0 3 0x80 poll dhclient
2575 201723 0 0 2 0x14200 zerothread
63654 499889 0 0 3 0x14200 aiodoned aiodoned
310 59261 0 0 3 0x14200 syncer update
37743 102734 0 0 3 0x14200 cleaner cleaner
12031 201653 0 0 3 0x14200 reaper reaper
36907 86000 0 0 3 0x14200 pgdaemon pagedaemon
14804 380032 0 0 3 0x14200 bored crynlk
53151 284531 0 0 3 0x14200 bored crypto
25037 377940 0 0 3 0x40014200 acpi0 acpi0
94409 92753 0 0 3 0x14200 bored softnet
38628 209375 0 0 3 0x14200 bored systqmp
58625 52137 0 0 3 0x14200 bored systq
80673 15335 0 0 3 0x40014200 bored softclock
84300 445067 0 0 3 0x40014200 idle0
47063 109418 0 0 3 0x14200 bored smr
1 59007 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit 
Requests Type Lim Kern Lim devbuf 9623 7063K 9061K 78643K 33011 0 0 pcb 13 12K 14K 78643K 2505 0 0 rtable 144 13K 14K 78643K 7707 0 0 ifaddr 108 27K 28K 78643K 2056 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 687 0 0 iov 0 0K 32K 78643K 3076 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1215 76K 78K 78643K 11095 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 159 0 0 VM map 2 0K 0K 78643K 68 0 0 sem 12 0K 0K 78643K 4138 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 13470 0 0 sigio 0 0K 0K 78643K 131 0 0 proc 50 38K 63K 78643K 5130 0 0 subproc 32 2K 2K 78643K 1445 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 748 0 0 in_multi 42 2K 3K 78643K 1444 0 0 ether_multi 1 0K 0K 78643K 47 0 0 mrt 0 0K 0K 78643K 105 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 186 821K 821K 78643K 186 0 0 exec 0 0K 1K 78643K 2750 0 0 pfkey data 0 0K 4K 78643K 8 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 157 25K 34K 78643K 34684 0 0 UVM aobj 130 4K 4K 78643K 148 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 2753 0 0 NDP 24 0K 1K 78643K 703 0 0 temp 254 3537K 4177K 78643K 347093 0 0 kqueue 0 0K 0K 78643K 83 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 260 0 251 1 0 1 1 0 8 0 rtpcb 80 931 0 929 1 0 1 1 0 8 0 rtentry 112 1456 0 1404 2 0 2 2 0 8 0 unpcb 120 5209 0 5197 4 3 1 2 0 8 0 syncache 264 73 0 73 28 27 1 1 0 8 1 sackhl 24 10 0 10 6 6 0 1 0 8 0 tcpqe 32 6232 0 6232 15 15 0 1 0 8 0 tcpcb 544 7980 0 7976 65 64 1 15 0 8 0 ipq 40 116 0 116 42 41 1 1 0 8 1 ipqe 40 277 0 277 42 41 1 1 0 8 1 inpcb 280 18341 0 18331 107 105 2 13 0 8 1 rttmr 72 37 0 36 15 14 1 1 0 8 0 nd6 48 221 0 217 8 
7 1 1 0 8 0 pkpcb 40 57 0 57 27 27 0 1 0 8 0 swfcl 56 10 0 0 1 0 1 1 0 8 0 ppxss 1128 237 0 237 49 48 1 1 0 8 1 art_heap8 4096 8 0 6 7 5 2 4 0 8 0 art_heap4 256 6507 0 6213 83 63 20 20 0 8 1 art_table 32 6515 0 6219 3 0 3 3 0 8 0 art_node 16 1439 0 1392 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 4136 0 4126 1 0 1 1 0 8 0 shmpl 112 146 0 18 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 23284 0 21847 47 0 47 47 0 8 0 ffsino 240 23284 0 21847 85 0 85 85 0 8 0 nchpl 144 45416 0 43791 62 0 62 62 0 8 0 uvmvnodes 72 9726 0 0 177 0 177 177 0 8 0 vnodes 208 9726 0 0 512 0 512 512 0 8 0 namei 1024 167234 0 167234 17 16 1 1 0 8 1 vmpool 520 66 0 66 25 25 0 1 0 8 0 scsiplug 64 24 0 24 20 20 0 1 0 8 0 scxspl 192 186661 0 186660 81 79 2 7 0 8 1 plimitpl 152 1186 0 1179 1 0 1 1 0 8 0 sigapl 432 13396 0 13382 2 0 2 2 0 8 0 futexpl 56 397639 0 397639 20 19 1 1 0 8 1 knotepl 112 3455 0 3436 3 2 1 2 0 8 0 kqueuepl 104 3740 0 3738 10 9 1 4 0 8 0 pipepl 112 14084 0 14065 38 37 1 2 0 8 0 fdescpl 424 13397 0 13382 2 0 2 2 0 8 0 filepl 120 121871 0 121773 95 91 4 11 0 8 1 lockfpl 104 5136 0 5135 1 0 1 1 0 8 0 lockfspl 48 1659 0 1658 1 0 1 1 0 8 0 sessionpl 112 104 0 94 1 0 1 1 0 8 0 pgrppl 48 212 0 202 1 0 1 1 0 8 0 ucredpl 96 16210 0 16202 1 0 1 1 0 8 0 zombiepl 144 13385 0 13385 3 2 1 1 0 8 1 processpl 864 13416 0 13385 4 0 4 4 0 8 0 procpl 632 29596 0 29556 11 7 4 5 0 8 0 sosppl 128 167 0 167 42 42 0 1 0 8 0 sockpl 384 24757 0 24735 181 177 4 21 0 8 1 mcl64k 65536 5962 0 5705 559 526 33 65 0 8 0 mcl16k 16384 144 0 144 59 58 1 1 0 8 1 mcl12k 12288 341 0 341 42 41 1 1 0 8 1 mcl9k 9216 222 0 221 39 38 1 1 0 8 0 mcl8k 8192 696 0 696 29 28 1 1 0 8 1 mcl4k 4096 1582 0 1582 21 20 1 1 0 8 1 mcl2k2 2112 121 0 121 54 53 1 1 0 8 1 mcl2k 2048 76249 0 76205 50 43 7 12 0 8 1 mtagpl 80 203 0 203 3 3 0 1 0 8 0 mbufpl 256 239590 0 239240 376 350 26 40 0 8 0 bufpl 256 60205 0 50184 628 1 627 627 0 8 0 anonpl 16 1680873 0 1666163 321 240 81 82 0 62 5 amapchunkpl 152 74870 0 
74763 247 241 6 18 0 158 1 amappl16 192 87691 0 86789 641 587 54 58 0 8 8 amappl15 184 2454 0 2453 14 13 1 1 0 8 0 amappl14 176 2279 0 2275 2 1 1 1 0 8 0 amappl13 168 1711 0 1710 1 0 1 1 0 8 0 amappl12 160 1094 0 1093 2 1 1 1 0 8 0 amappl11 152 1703 0 1691 1 0 1 1 0 8 0 amappl10 144 1486 0 1482 1 0 1 1 0 8 0 amappl9 136 4366 0 4358 1 0 1 1 0 8 0 amappl8 128 3827 0 3753 7 4 3 3 0 8 0 amappl7 120 1881 0 1871 1 0 1 1 0 8 0 amappl6 112 1493 0 1480 1 0 1 1 0 8 0 amappl5 104 1956 0 1947 1 0 1 1 0 8 0 amappl4 96 13121 0 13085 1 0 1 1 0 8 0 amappl3 88 3396 0 3391 1 0 1 1 0 8 0 amappl2 80 103775 0 103698 4 2 2 3 0 8 0 amappl1 72 258080 0 257667 28 19 9 20 0 8 0 amappl 80 31316 0 31279 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 147 0 18 3 0 3 3 0 8 0 uaddrrnd 24 13463 0 13382 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13463 0 13382 1 0 1 1 0 8 0 vmmpekpl 168 98822 0 98798 2 0 2 2 0 8 0 vmmpepl 168 1638422 0 1636321 866 742 124 125 0 357 23 vmsppl 272 13396 0 13382 9 8 1 2 0 8 0 pdppl 4096 26932 0 26896 6 1 5 6 0 8 0 pvpl 32 5086060 0 5068120 1165 972 193 298 0 265 21 pmappl 200 13462 0 13448 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1999 0 1185 25 1 24 24 0 8 0