panic: attempt to execute user address 0x0 in supervisor mode Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *366144 60367 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff80001595adc0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800015974000,fffffd802eac6698,10,ffff80000005b720,ffff80001595b028) at alltraps_kern_meltdown+0x7b 0(b,ffff80001595af88,83,ffff80001595b028,0,b) at 0 rt_match(fffffd8037010b70,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8037010b70,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff80001595b100,fffffd80350c6720,fffffd8037010af0) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd8037010af0,fffffd80350c6700) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 udp_usrreq(fffffd8037011a80,4,0,fffffd80350c6700,0,ffff800015954018) at udp_usrreq+0x560 sys_connect(ffff800015954018,ffff80001595b288,ffff80001595b2d0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001595b350) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,fc34828e010) at Xsyscall+0x128 end of kernel end trace frame: 0xfc586706660, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic attempt to execute user address 0x0 in supervisor mode ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff80001595adc0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800015974000,fffffd802eac6698,10,ffff80000005b720,ffff80001595b028) at alltraps_kern_meltdown+0x7b 0(b,ffff80001595af88,83,ffff80001595b028,0,b) at 0 rt_match(fffffd8037010b70,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8037010b70,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff80001595b100,fffffd80350c6720,fffffd8037010af0) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd8037010af0,fffffd80350c6700) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 udp_usrreq(fffffd8037011a80,4,0,fffffd80350c6700,0,ffff800015954018) at udp_usrreq+0x560 sys_connect(ffff800015954018,ffff80001595b288,ffff80001595b2d0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001595b350) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,fc34828e010) at Xsyscall+0x128 end of kernel end trace frame: 0xfc586706660, count: -13 ddb> show registers rdi 0xffffffff811edc87 db_enter+0x17 rsi 0x21f1 __ALIGN_SIZE+0x11f1 rbp 0xffff80001595ac30 rbx 0xffff80001595ace0 rdx 0x21f2 __ALIGN_SIZE+0x11f2 rcx 0xffff800015974000 rax 0xffff800015974000 r8 0xffff80001595abf0 r9 0x1 r10 0xffff800000a41480 r11 0xf70ba22fee54af31 r12 0x3000000008 r13 0xffff80001595ac40 r14 0x100 r15 0x1 rip 0xffffffff811edc88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001595ac20 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=366144 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000159558c8,0xffffffff82558bf8 process=0xffff8000ffff70f0 user=0xffff800015956000, vmspace=0xfffffd803f013cc0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 60367 24260 59053 0 2 0 syz-executor.1 *60367 366144 59053 0 7 0x4000000 syz-executor.1 59053 239934 93155 0 3 0x82 nanosleep syz-executor.1 4227 45109 93155 0 2 0x2 syz-executor.0 77248 386783 0 0 3 0x14200 bored sosplice 93155 166424 58 0 3 0x82 thrsleep syz-fuzzer 93155 315976 58 0 3 0x4000082 nanosleep syz-fuzzer 93155 37606 58 0 3 0x4000082 kqread syz-fuzzer 93155 270025 58 0 3 0x4000082 thrsleep syz-fuzzer 93155 45828 58 0 3 0x4000082 thrsleep syz-fuzzer 93155 215816 58 0 3 0x4000082 thrsleep syz-fuzzer 93155 429913 58 0 3 0x4000082 thrsleep syz-fuzzer 93155 414761 58 0 3 0x4000082 thrsleep syz-fuzzer 58 67791 21710 0 3 0x10008a pause ksh 21710 278793 47206 0 3 0x92 select sshd 61863 426368 1 0 3 0x100083 ttyin getty 47206 166584 1 0 3 0x80 select sshd 64290 235201 26971 73 3 0x100090 kqread syslogd 26971 80515 1 0 3 0x100082 netio syslogd 23009 350591 0 0 2 0x14200 zerothread 62360 306059 0 0 3 0x14200 aiodoned aiodoned 756 99801 0 0 3 0x14200 syncer update 90703 78750 0 0 3 0x14200 cleaner cleaner 80260 136426 0 0 3 0x14200 reaper reaper 38315 504154 0 0 3 0x14200 pgdaemon pagedaemon 77192 286907 0 0 3 0x14200 bored crynlk 12195 343683 0 0 3 0x14200 bored crypto 12919 44188 0 0 3 0x40014200 acpi0 acpi0 95118 338851 0 0 3 0x14200 bored softnet 11196 265558 0 0 3 0x14200 bored systqmp 69788 411005 0 0 3 0x14200 bored systq 62328 166568 0 0 3 0x40014200 bored softclock 57707 160758 0 0 3 0x40014200 idle0 68925 321593 0 0 3 0x14200 bored smr 1 415091 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9595 6320K 8505K 78643K 37825 0 0 pcb 13 9K 9K 78643K 1093 0 0 rtable 104 8K 9K 78643K 1566 0 0 ifaddr 99 21K 23K 78643K 974 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 215 0 0 iov 0 0K 32K 78643K 1270 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1215 76K 78K 78643K 9342 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 56 0 0 VM map 2 0K 0K 78643K 34 0 0 sem 12 0K 0K 78643K 1895 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 5169 0 0 sigio 0 0K 0K 78643K 41 0 0 proc 45 30K 55K 78643K 1992 0 0 subproc 32 2K 2K 78643K 573 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 258 0 0 in_multi 20 1K 2K 78643K 516 0 0 ether_multi 1 0K 0K 78643K 13 0 0 mrt 0 0K 0K 78643K 17 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 1124 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 107 22K 38K 78643K 13747 0 0 UVM aobj 130 4K 4K 78643K 140 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 1071 0 0 NDP 24 0K 1K 78643K 310 0 0 temp 254 3537K 4177K 78643K 132951 0 0 kqueue 0 0K 0K 78643K 31 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 116 0 111 1 0 1 1 0 8 0 rtpcb 80 466 0 466 18 18 0 1 0 8 0 rtentry 112 572 0 536 2 0 2 2 0 8 0 unpcb 120 8163 0 8155 1 0 1 1 0 8 0 syncache 264 18 0 18 9 8 1 1 0 8 1 sackhl 24 3 0 3 3 3 0 1 0 8 0 tcpqe 32 7696 0 7696 4 4 0 1 0 8 0 tcpcb 544 1535 0 1530 2 1 1 2 0 8 0 ipq 40 44 0 44 13 12 1 1 0 8 1 ipqe 40 104 0 104 13 12 1 1 0 8 1 inpcb 280 6150 0 6143 27 25 2 2 0 8 1 rttmr 72 6 0 5 1 0 1 1 0 8 0 nd6 48 76 0 75 6 5 1 1 0 8 0 pkpcb 40 28 0 28 11 11 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 120 0 120 19 18 1 1 0 8 1 art_heap8 4096 10 0 8 10 8 2 3 0 8 0 art_heap4 256 2333 0 2117 38 24 14 18 0 8 0 art_table 32 2343 0 2125 6 4 2 3 0 8 0 art_node 16 565 0 532 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 12 3 3 0 1 0 8 0 semapl 112 1893 0 1883 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 9540 0 8141 46 0 46 46 0 8 0 ffsino 240 9540 0 8141 83 0 83 83 0 8 0 nchpl 144 16841 0 15229 61 0 61 61 0 8 0 uvmvnodes 72 8217 0 0 150 0 150 150 0 8 0 vnodes 208 8217 0 0 433 0 433 433 0 8 0 namei 1024 62992 0 62992 6 5 1 1 0 8 1 vmpool 520 32 0 32 13 13 0 1 0 8 0 scsiplug 64 10 0 10 8 8 0 1 0 8 0 scxspl 192 69551 0 69551 26 24 2 7 0 8 2 plimitpl 152 453 0 447 1 0 1 1 0 8 0 sigapl 432 5247 0 5236 2 0 2 2 0 8 0 futexpl 56 133803 0 133803 6 5 1 1 0 8 1 knotepl 112 1431 0 1412 3 2 1 2 0 8 0 kqueuepl 104 1332 0 1329 1 0 1 1 0 8 0 pipepl 112 2996 0 2975 10 9 1 2 0 8 0 fdescpl 424 5248 0 5236 2 0 2 2 0 8 0 filepl 120 49025 0 48935 12 7 5 5 0 8 2 lockfpl 104 2016 0 2016 5 4 1 1 0 8 1 lockfspl 48 690 0 690 5 4 1 1 0 8 1 sessionpl 112 48 0 40 1 0 1 1 0 8 0 pgrppl 48 88 0 80 1 0 1 1 0 8 0 ucredpl 96 7366 0 7360 1 0 1 1 0 8 0 zombiepl 144 5238 0 5238 3 2 1 1 0 8 1 processpl 864 5265 0 5238 4 0 4 4 0 8 0 procpl 632 11464 0 11429 4 0 4 4 0 8 0 sosppl 128 91 0 91 15 15 0 1 0 8 0 sockpl 384 14927 0 14912 25 21 4 4 0 8 2 mcl64k 65536 2427 0 2427 189 188 1 64 0 8 1 mcl16k 16384 45 0 45 22 21 1 1 0 8 1 mcl12k 12288 117 0 117 18 17 1 1 0 8 1 mcl9k 9216 96 0 96 17 16 1 1 0 8 1 mcl8k 8192 228 0 228 12 11 1 1 0 8 1 mcl4k 4096 571 0 571 6 5 1 1 0 8 1 mcl2k2 2112 60 0 60 20 19 1 1 0 8 1 mcl2k 2048 60368 0 60325 25 19 6 17 0 8 0 mtagpl 80 244 0 231 9 8 1 1 0 8 0 mbufpl 256 129075 0 128989 136 130 6 37 0 8 0 bufpl 256 28121 0 19186 559 0 559 559 0 8 0 anonpl 16 674947 0 659622 241 166 75 81 0 62 9 amapchunkpl 152 29881 0 29783 128 122 6 15 0 158 0 amappl16 192 30635 0 29746 236 187 49 58 0 8 4 amappl15 184 1552 0 1547 1 0 1 1 0 8 0 amappl14 176 1078 0 1073 2 1 1 1 0 8 0 amappl13 168 384 0 384 3 3 0 1 0 8 0 amappl12 160 526 0 523 1 0 1 1 0 8 0 amappl11 152 1040 0 1036 1 0 1 1 0 8 0 amappl10 144 125 0 124 6 5 1 1 0 8 0 amappl9 136 1596 0 1590 1 0 1 1 0 8 0 amappl8 128 1107 0 1068 4 2 2 2 0 8 0 amappl7 120 288 0 281 1 0 1 1 0 8 0 amappl6 112 984 0 972 1 0 1 1 0 8 0 amappl5 104 923 0 915 1 0 1 1 0 8 0 amappl4 96 5365 0 5337 1 0 1 1 0 8 0 amappl3 88 1387 0 1382 1 0 1 1 0 8 0 amappl2 80 40233 0 40170 4 2 2 3 0 8 0 amappl1 72 107592 0 107207 26 16 10 20 0 8 0 amappl 80 12217 0 12186 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 139 0 10 3 0 3 3 0 8 0 uaddrrnd 24 5280 0 5236 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5280 0 5236 1 0 1 1 0 8 0 vmmpekpl 168 36368 0 36342 2 0 2 2 0 8 0 vmmpepl 168 637599 0 635709 377 272 105 121 0 357 14 vmsppl 272 5247 0 5236 2 1 1 2 0 8 0 pdppl 4096 10566 0 10536 9 4 5 6 0 8 0 pvpl 32 2032587 0 2014245 646 406 240 291 0 265 84 pmappl 200 5279 0 5268 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1104 0 419 21 0 21 21 0 8 0