panic: attempt to execute user address 0x0 in supervisor mode Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *309158 35800 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff800015939af0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800015973000,fffffd803c911b68,10,ffff80000005bc70,ffff800015939d58) at alltraps_kern_meltdown+0x7b 0(b,ffff800015939cb8,83,ffff800015939d58,0,b) at 0 rt_match(fffffd803a219a58,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd803a219a58,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff800015939e30,fffffd803adf1d20,fffffd803a2199d8) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd803a2199d8,fffffd803adf1d00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 tcp_usrreq(fffffd8029e44db8,4,0,fffffd803adf1d00,0,ffff8000ffff2ee8) at tcp_usrreq+0xada sys/netinet/tcp_usrreq.c:228 sys_connect(ffff8000ffff2ee8,ffff800015939fd8,ffff80001593a020) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001593a0a0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,a87201d8010) at Xsyscall+0x128 end of kernel end trace frame: 0xa8a04d2be30, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic attempt to execute user address 0x0 in supervisor mode ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff800015939af0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800015973000,fffffd803c911b68,10,ffff80000005bc70,ffff800015939d58) at alltraps_kern_meltdown+0x7b 0(b,ffff800015939cb8,83,ffff800015939d58,0,b) at 0 rt_match(fffffd803a219a58,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd803a219a58,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff800015939e30,fffffd803adf1d20,fffffd803a2199d8) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd803a2199d8,fffffd803adf1d00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 tcp_usrreq(fffffd8029e44db8,4,0,fffffd803adf1d00,0,ffff8000ffff2ee8) at tcp_usrreq+0xada sys/netinet/tcp_usrreq.c:228 sys_connect(ffff8000ffff2ee8,ffff800015939fd8,ffff80001593a020) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001593a0a0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,a87201d8010) at Xsyscall+0x128 end of kernel end trace frame: 0xa8a04d2be30, count: -13 ddb> show registers rdi 0xffffffff81b07ef7 db_enter+0x17 rsi 0x2177 __ALIGN_SIZE+0x1177 rbp 0xffff800015939960 rbx 0xffff800015939a10 rdx 0x2178 __ALIGN_SIZE+0x1178 rcx 0xffff800015973000 rax 0xffff800015973000 r8 0xffff800015939920 r9 0x1 r10 0xffff800000b1ce00 r11 0x415d95534c328ef0 r12 0x3000000008 r13 0xffff800015939970 r14 0x100 r15 0x1 rip 0xffffffff81b07ef8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800015939950 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=309158 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2780,0xffffffff8255bd20 process=0xffff8000ffff6370 user=0xffff800015935000, vmspace=0xfffffd803f013220 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 35800 275037 94857 0 2 0 syz-executor.0 *35800 309158 94857 0 7 0x4000000 syz-executor.0 5510 406668 1 0 3 0x100083 ttyin getty 6313 433391 31579 0 3 0x82 nanosleep syz-executor.1 94857 115941 31579 0 3 0x82 nanosleep syz-executor.0 63949 414121 0 0 3 0x14200 acct acct 34576 182039 0 0 3 0x14200 bored sosplice 31579 277206 95506 0 3 0x82 thrsleep syz-fuzzer 31579 426577 95506 0 3 0x4000082 thrsleep syz-fuzzer 31579 168500 95506 0 3 0x4000082 kqread syz-fuzzer 31579 387401 95506 0 3 0x4000082 thrsleep syz-fuzzer 31579 249127 95506 0 3 0x4000082 thrsleep syz-fuzzer 31579 400286 95506 0 3 0x4000082 thrsleep syz-fuzzer 31579 193327 95506 0 3 0x4000082 thrsleep syz-fuzzer 31579 123259 95506 0 3 0x4000082 thrsleep syz-fuzzer 95506 302744 61746 0 3 0x10008a pause ksh 61746 314455 6319 0 3 0x92 select sshd 6319 165639 1 0 3 0x80 select sshd 52602 467773 78708 73 3 0x100090 kqread syslogd 78708 445318 1 0 3 0x100082 netio syslogd 52694 440786 1 77 3 0x100090 poll dhclient 13885 124888 1 0 3 0x80 poll dhclient 20055 120741 0 0 2 0x14200 zerothread 48147 50961 0 0 3 0x14200 aiodoned aiodoned 85659 280068 0 0 3 0x14200 syncer update 77078 172109 0 0 3 0x14200 cleaner cleaner 22769 255965 0 0 3 0x14200 reaper reaper 18995 475916 0 0 3 0x14200 pgdaemon pagedaemon 32260 242968 0 0 3 0x14200 bored crynlk 24816 16414 0 0 3 0x14200 bored crypto 90535 206629 0 0 3 0x40014200 acpi0 acpi0 96102 510525 0 0 3 0x14200 bored softnet 95156 458185 0 0 3 0x14200 bored systqmp 74678 434685 0 0 3 0x14200 bored systq 77906 215539 0 0 3 0x40014200 bored softclock 23345 22717 0 0 3 0x40014200 idle0 53035 64790 0 0 3 0x14200 bored smr 1 198984 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9597 7027K 7797K 78643K 32116 0 0 pcb 13 10K 12K 78643K 1560 0 0 rtable 150 13K 14K 78643K 4222 0 0 ifaddr 105 27K 31K 78643K 1217 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 413 0 0 iov 0 0K 32K 78643K 1874 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 78K 78643K 10904 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 94 0 0 VM map 2 0K 0K 78643K 51 0 0 sem 12 1K 1K 78643K 1373 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 8618 0 0 sigio 0 0K 0K 78643K 2350 0 0 proc 50 38K 63K 78643K 2844 0 0 subproc 32 2K 2K 78643K 775 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 472 0 0 in_multi 30 2K 2K 78643K 702 0 0 ether_multi 1 0K 0K 78643K 27 0 0 mrt 0 0K 0K 78643K 24 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 102 450K 450K 78643K 102 0 0 exec 0 0K 1K 78643K 1709 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 122 22K 34K 78643K 22126 0 0 UVM aobj 130 5K 5K 78643K 172 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 1744 0 0 NDP 24 0K 1K 78643K 389 0 0 temp 254 3537K 4178K 78643K 228792 0 0 kqueue 0 0K 0K 78643K 48 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 162 0 149 1 0 1 1 0 8 0 rtpcb 80 631 0 629 1 0 1 1 0 8 0 rtentry 112 772 0 717 2 0 2 2 0 8 0 unpcb 120 4416 0 4401 4 3 1 2 0 8 0 syncache 264 47 0 47 21 21 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 5861 0 5861 12 12 0 1 0 8 0 tcpcb 544 2965 0 2960 29 28 1 15 0 8 0 ipq 40 70 0 66 23 22 1 1 0 8 0 ipqe 40 379 0 143 25 22 3 3 0 8 0 inpcb 280 10386 0 10376 53 51 2 9 0 8 1 rttmr 72 7 0 7 6 6 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 nd6 48 96 0 94 5 4 1 1 0 8 0 pkpcb 40 48 0 48 18 18 0 1 0 8 0 swfcl 56 6 0 0 1 0 1 1 0 8 0 ppxss 1128 144 0 144 34 34 0 1 0 8 0 art_heap8 4096 33 0 30 16 13 3 5 0 8 0 art_heap4 256 3337 0 3076 53 35 18 19 0 8 0 art_table 32 3370 0 3106 4 1 3 3 0 8 0 art_node 16 756 0 707 1 0 1 1 0 8 0 sysvmsgpl 40 260 0 254 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 1371 0 1361 1 0 1 1 0 8 0 shmpl 112 170 0 42 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 14611 0 13193 46 0 46 46 0 8 0 ffsino 240 14611 0 13193 84 0 84 84 0 8 0 nchpl 144 26851 0 25242 61 0 61 61 0 8 0 uvmvnodes 72 9038 0 0 165 0 165 165 0 8 0 vnodes 208 9038 0 0 476 0 476 476 0 8 0 namei 1024 97453 0 97453 11 10 1 1 0 8 1 vmpool 520 49 0 49 18 18 0 1 0 8 0 scsiplug 64 12 0 12 7 7 0 1 0 8 0 scxspl 192 119819 0 119819 43 39 4 7 0 8 4 plimitpl 152 709 0 702 1 0 1 1 0 8 0 sigapl 432 8669 0 8656 2 0 2 2 0 8 0 futexpl 56 211277 0 211277 10 9 1 1 0 8 1 knotepl 112 2594 0 2575 6 5 1 3 0 8 0 kqueuepl 104 2699 0 2697 7 6 1 4 0 8 0 pipepl 112 13550 0 13531 25 24 1 2 0 8 0 fdescpl 424 8670 0 8656 2 0 2 2 0 8 0 filepl 120 77109 0 77013 45 41 4 10 0 8 0 lockfpl 104 3116 0 3114 1 0 1 1 0 8 0 lockfspl 48 1045 0 1043 1 0 1 1 0 8 0 sessionpl 112 69 0 59 1 0 1 1 0 8 0 pgrppl 48 133 0 123 1 0 1 1 0 8 0 ucredpl 96 9517 0 9507 1 0 1 1 0 8 0 zombiepl 144 8663 0 8662 3 2 1 1 0 8 0 processpl 864 8693 0 8662 4 0 4 4 0 8 0 procpl 632 19135 0 19096 5 1 4 5 0 8 0 sosppl 128 124 0 124 30 29 1 1 0 8 1 sockpl 384 15585 0 15560 53 49 4 14 0 8 0 mcl64k 65536 3131 0 3131 250 238 12 33 0 8 12 mcl16k 16384 96 0 96 31 30 1 1 0 8 1 mcl12k 12288 200 0 200 30 29 1 1 0 8 1 mcl9k 9216 150 0 150 29 28 1 1 0 8 1 mcl8k 8192 363 0 363 22 21 1 1 0 8 1 mcl4k 4096 791 0 791 13 12 1 1 0 8 1 mcl2k2 2112 81 0 81 33 32 1 1 0 8 1 mcl2k 2048 62231 0 62175 29 21 8 15 0 8 0 mtagpl 80 242 0 242 4 4 0 1 0 8 0 mbufpl 256 171948 0 171321 219 171 48 82 0 8 4 bufpl 256 42948 0 33911 566 0 566 566 0 8 0 anonpl 16 1102012 0 1086535 287 208 79 96 0 62 5 amapchunkpl 152 47281 0 47174 194 188 6 22 0 158 0 amappl16 192 58045 0 57169 469 417 52 65 0 8 7 amappl15 184 1111 0 1111 11 11 0 1 0 8 0 amappl14 176 3046 0 3040 2 1 1 1 0 8 0 amappl13 168 181 0 180 9 8 1 1 0 8 0 amappl12 160 1182 0 1179 1 0 1 1 0 8 0 amappl11 152 893 0 882 1 0 1 1 0 8 0 amappl10 144 601 0 600 1 0 1 1 0 8 0 amappl9 136 2439 0 2430 1 0 1 1 0 8 0 amappl8 128 2000 0 1948 3 1 2 2 0 8 0 amappl7 120 798 0 791 1 0 1 1 0 8 0 amappl6 112 814 0 806 1 0 1 1 0 8 0 amappl5 104 1691 0 1681 1 0 1 1 0 8 0 amappl4 96 7554 0 7524 1 0 1 1 0 8 0 amappl3 88 3531 0 3525 1 0 1 1 0 8 0 amappl2 80 66930 0 66863 4 2 2 3 0 8 0 amappl1 72 167406 0 167000 29 20 9 20 0 8 0 amappl 80 20152 0 20116 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 171 0 42 3 0 3 3 0 8 0 uaddrrnd 24 8719 0 8656 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8719 0 8656 1 0 1 1 0 8 0 vmmpekpl 168 74250 0 74225 2 0 2 2 0 8 0 vmmpepl 168 1060662 0 1058712 575 458 117 133 0 357 22 vmsppl 272 8669 0 8656 8 7 1 2 0 8 0 pdppl 4096 17444 0 17410 8 3 5 6 0 8 0 pvpl 32 3033535 0 3014920 824 637 187 330 0 265 18 pmappl 200 8718 0 8705 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1344 0 591 25 1 24 24 0 8 0