kernel: protection fault trap, code=0
Stopped at icmp_mtudisc_timeout+0x123: movq 0(%rax),%rcx
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
icmp_mtudisc_timeout(fffffd806b6790c0,0) at icmp_mtudisc_timeout+0x123 sys/netinet/ip_icmp.c:1102
rt_timer_queue_flush(ffffffff839813a8) at rt_timer_queue_flush+0x28d sys/net/route.c:1586
ip_sysctl(ffff80002a346eac,1,0,ffff80002a346ed8,200000001300,4) at ip_sysctl+0x84d sys/netinet/ip_input.c:1750
net_sysctl(ffff80002a346ea4,3,0,ffff80002a346ed8,200000001300,4,4fc51ea41072f126) at net_sysctl+0x64e sys/kern/uipc_domain.c:260
sys_sysctl(ffff80002a322fd0,ffff80002a347010,ffff80002a346f60) at sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1
syscall(ffff80002a347010) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a347010) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x551d5d2cc00, count: -7
ddb{0}> show registers
rdi 0x14
rsi 0x14
rbp 0xffff80002a346ce0
rbx 0xffff80002a346c01
rdx 0xffff80000147d4c0
rcx 0xffff80002a322fd0
rax 0x63d329d1220e24c9
r8 0xffffffff82047f10 tcp_mtudisc_increase
r9 0
r10 0x6ccc95ce3e65378f
r11 0xb8c5f8cae0759052
r12 0xffff800000039058
r13 0x14
r14 0
r15 0xfffffd806b6790c0
rip 0xffffffff828f5243 icmp_mtudisc_timeout+0x123
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a346c90
ss 0x10
icmp_mtudisc_timeout+0x123: movq 0(%rax),%rcx
ddb{0}> show proc
PROC (syz-executor) tid=207268 pid=38707 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=50, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a3222d8,0xffff80002a322818
process=0xffff80003c4d1888 user=0xffff80002a342000, vmspace=0xfffffd806b8b73f0
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
419 340270 40296 0 7 0 syz-executor
419 79053 40296 0 2 0x4000000 syz-executor
22171 69027 4381 0 2 0 syz-executor
38707 414076 10517 0 2 0 syz-executor
*38707 207268 10517 0 7 0x4000000 syz-executor
70985 301713 72640 0 2 0 syz-executor
46255 510732 91928 0 2 0x2 arp
91928 79370 58273 0 3 0x10008a sigsusp sh
6211 431339 82201 0 2 0 syz-executor
6211 382271 82201 0 3 0x4000080 netcon syz-executor
6211 367967 82201 0 3 0x4000080 fsleep syz-executor
58273 143130 66262 0 3 0x82 wait syz-executor
33193 390601 0 0 3 0x14200 acct acct
85366 485643 87015 0 3 0x82 sbwait sshd-session
46127 55297 87015 0 3 0x82 sbwait sshd-session
72640 330649 66262 0 2 0x3 syz-executor
31059 445228 1 0 3 0x100083 ttyin getty
4381 197831 66262 0 2 0x3 syz-executor
10517 282669 66262 0 3 0x82 nanoslp syz-executor
466 269689 0 0 3 0x14200 bored sosplice
40296 392238 66262 0 2 0x3 syz-executor
60443 141391 66262 0 2 0x3 syz-executor
39542 519559 66262 0 2 0x3 syz-executor
82201 117138 66262 0 2 0x2 syz-executor
66262 14180 88540 0 2 0x3 syz-executor
88540 120269 68217 0 3 0x10008a sigsusp ksh
68217 261553 19870 0 3 0x98 kqread sshd-session
19870 7823 87015 0 3 0x92 kqread sshd-session
87015 351290 1 0 3 0x88 kqread sshd
13377 351993 14332 74 3 0x1100092 bpf pflogd
14332 420077 1 0 3 0x80 sbwait pflogd
93987 34124 80624 73 3 0x1100090 kqread syslogd
80624 443049 1 0 3 0x100082 sbwait syslogd
80688 248579 1 0 3 0x100080 kqread resolvd
89987 242601 19750 77 3 0x100092 kqread dhcpleased
6844 163203 19750 77 3 0x100092 kqread dhcpleased
19750 423177 1 0 3 0x80 kqread dhcpleased
37292 469626 0 0 3 0x14200 bored smr
25395 436603 0 0 2 0x14200 zerothread
80780 135891 0 0 3 0x14200 aiodoned aiodoned
34579 216951 0 0 3 0x14200 syncer update
87691 92600 0 0 3 0x14200 cleaner cleaner
29086 2510 0 0 3 0x14200 reaper reaper
23249 310260 0 0 3 0x14200 pgdaemon pagedaemon
12986 269677 0 0 3 0x14200 bored viomb
80363 68215 0 0 3 0x40014200 acpi0 acpi0
67819 512103 0 0 3 0x40014200 idle1
26921 82911 0 0 3 0x14200 bored softnet7
83026 415582 0 0 3 0x14200 bored softnet6
61423 36280 0 0 3 0x14200 bored softnet5
4332 99991 0 0 3 0x14200 bored softnet4
67704 285596 0 0 3 0x14200 bored softnet3
73621 86963 0 0 3 0x14200 bored softnet2
96244 420446 0 0 3 0x14200 bored softnet1
65536 340465 0 0 3 0x14200 bored softnet0
58894 501155 0 0 2 0x14200 systqmp
7413 369590 0 0 3 0x14200 bored systq
47802 229862 0 0 3 0x14200 tmoslp softclockmp
37196 346917 0 0 3 0x40014200 tmoslp softclock
31007 468894 0 0 3 0x40014200 idle0
1 314881 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 38707 (syz-executor) thread 0xffff80002a322fd0 (207268)
exclusive rwlock netlock r = 0 (0xffffffff837b8b60)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 ip_sysctl+0x838 sys/netinet/ip_input.c:1749
#3 net_sysctl+0x64e sys/kern/uipc_domain.c:260
#4 sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
#6 Xsyscall+0x128
Process 46255 (arp) thread 0xffff80002a323500 (510732)
exclusive rwlock vmmaplk r = 0 (0xfffffd806e3e44e0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168
#3 uvm_map_protect+0xe0 sys/uvm/uvm_map.c:3064
#4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
#6 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10274 11235K 11774K 166960K 15026 0
pcb 17 17K 30K 166960K 802 0
rtable 201 13K 14K 166960K 911 0
pf 44 19K 83K 166960K 301 0
ifaddr 37 6K 9K 166960K 209 0
ifgroup 65 2K 3K 166960K 356 0
sysctl 4 1K 9K 166960K 87 0
counters 70 37K 38K 166960K 452 0
ioctlops 0 0K 4K 166960K 2185 0
iov 0 0K 32K 166960K 142 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1528 96K 96K 166960K 4290 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 2K 6K 166960K 26 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 151 0
dirhash 12 2K 2K 166960K 51 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 2811 0
sigio 1 0K 0K 166960K 39 0
proc 72 115K 164K 166960K 1253 0
subproc 72 4K 4K 166960K 198 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 468 0
in_multi 70 5K 7K 166960K 317 0
ether_multi 1 0K 0K 166960K 27 0
mrt 2 0K 0K 166960K 20 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 235 1049K 1049K 166960K 235 0
exec 0 0K 1K 166960K 1110 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 3 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 242 180K 194K 166960K 27093 0
UVM aobj 55 2K 2K 166960K 62 0
pinsyscall 47 94K 105K 166960K 4279 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 152 0
NDP 13 0K 2K 166960K 156 0
temp 78 8652K 8778K 166960K 124010 0
kqueue 13 20K 32K 166960K 515 0
SYN cache 2 8K 16K 166960K 3 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 356 0 352 4 3 1 3 0 8 0
rtentry 176 283 0 213 5 0 5 5 0 8 0
unpcb 144 2406 0 2385 19 17 2 6 0 8 0
syncache 336 11 0 11 2 2 0 1 0 8 0
tcpqe 32 3 0 3 1 1 0 1 0 8 0
tcpcb 736 907 0 893 15 13 2 7 0 8 0
arp 128 34 0 22 1 0 1 1 0 8 0
inpcb 328 2977 0 2959 28 23 5 13 0 8 2
nd6 144 53 0 38 1 0 1 1 0 8 0
pkpcb 40 83 0 83 5 4 1 1 0 8 1
kcovpl 48 22 0 14 1 0 1 1 0 8 0
mppekey 1024 2 0 2 1 1 0 1 0 8 0
ppxss 1192 156 0 156 2 1 1 1 0 8 1
pppxif 1504 10 0 10 6 6 0 1 0 8 0
pfstscr 40 5 0 4 1 0 1 1 0 8 0
pffrag 232 22 0 12 1 0 1 1 0 482 0
pffrnode 88 20 0 10 1 0 1 1 0 8 0
pffrent 40 41 0 30 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 1 1 1 0 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pfstitem 24 198 0 70 1 0 1 1 0 8 0
pfstkey 128 332 0 204 5 0 5 5 0 8 0
pfstate 384 264 0 137 14 0 14 14 0 8 0
pfrule 1344 28 0 23 2 1 1 2 0 8 0
rttmr 136 7 0 6 2 1 1 1 0 8 0
art_heap8 4096 3 0 0 3 0 3 3 0 8 0
art_heap4 256 1296 0 999 36 10 26 30 0 8 1
art_table 40 1299 0 999 5 0 5 5 0 8 0
art_node 32 281 0 219 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 9 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 146 0 135 1 0 1 1 0 8 0
shmpl 112 59 0 7 2 0 2 2 0 8 0
dirhash 1024 43 0 26 3 0 3 3 0 8 0
dino2pl 256 6583 0 5054 96 0 96 96 0 8 0
ffsino 296 6583 0 5054 118 0 118 118 0 8 0
nchpl 144 10295 0 8566 65 0 65 65 0 8 0
rtmask 32 29 0 29 3 3 0 1 0 8 0
uvmvnodes 80 5927 0 0 121 0 121 121 0 8 0
vnodes 216 5927 0 0 330 0 330 330 0 8 0
namei 1024 38273 0 38272 2 1 1 2 0 8 0
percpumem 16 241 0 191 1 0 1 1 0 8 0
kstatmem 264 232 0 202 6 3 3 3 0 8 1
scsiplug 72 13 0 13 6 5 1 1 0 8 1
scxspl 216 66498 0 66498 16 14 2 8 1 8 2
plimitpl 152 538 0 521 1 0 1 1 0 8 0
sigapl 424 3102 0 3044 9 1 8 9 0 8 0
knotepl 120 635 0 0 19 0 19 19 0 8 0
kqueuepl 224 990 0 981 11 9 2 5 0 8 1
pipepl 344 487 0 460 9 6 3 9 0 8 0
fdescpl 528 3053 0 3019 3 0 3 3 0 8 0
filepl 160 22004 0 21779 33 19 14 21 0 8 1
lockfpl 104 1485 0 1483 4 2 2 2 0 8 1
lockfspl 48 545 0 543 1 0 1 1 0 8 0
sessionpl 144 43 0 32 1 0 1 1 0 8 0
pgrppl 48 97 0 78 1 0 1 1 0 8 0
ucredpl 104 3754 0 3739 1 0 1 1 0 8 0
zombiepl 144 4299 0 4298 1 0 1 1 0 8 0
processpl 1248 3102 0 3044 6 0 6 6 0 8 0
procpl 664 7428 0 7366 9 2 7 8 0 8 0
sosppl 168 27 0 26 6 5 1 1 0 8 0
sockpl 752 6101 0 6058 55 47 8 18 0 8 2
mcl64k 65536 17 0 0 3 0 3 3 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 112 0 0 14 0 14 14 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 57 0 0 6 0 6 6 0 8 0
mtagpl 96 20 0 0 1 0 1 1 0 8 0
mbufpl 256 1573 0 0 97 0 97 97 0 8 0
bufpl 280 28659 0 22516 441 1 440 440 0 8 0
anonpl 32 12063 0 0 98 0 98 98 0 246 0
amapchunkpl 152 92043 0 91609 60 31 29 34 0 158 8
amappl16 200 9812 0 9778 43 31 12 22 0 8 2
amappl15 192 4 0 4 2 2 0 1 0 8 0
amappl14 184 158 0 144 1 0 1 1 0 8 0
amappl13 176 12 0 12 2 2 0 1 0 8 0
amappl12 168 3929 0 3896 4 2 2 3 0 8 0
amappl11 160 49 0 35 1 0 1 1 0 8 0
amappl10 152 3 0 3 1 1 0 1 0 8 0
amappl9 144 259 0 259 1 1 0 1 0 8 0
amappl8 136 23 0 20 1 0 1 1 0 8 0
amappl7 128 143 0 128 1 0 1 1 0 8 0
amappl6 120 325 0 318 1 0 1 1 0 8 0
amappl5 112 181 0 171 1 0 1 1 0 8 0
amappl4 104 349 0 327 1 0 1 1 0 8 0
amappl3 96 18816 0 18713 6 2 4 4 0 8 0
amappl2 88 896 0 819 2 0 2 2 0 8 0
amappl1 80 20909 0 20138 20 3 17 17 0 8 0
amappl 88 25720 0 25568 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 8 0 8 3 3 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 7 0 7 2 2 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 61 0 7 1 0 1 1 0 8 0
uaddrrnd 24 3053 0 3019 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3053 0 3019 1 0 1 1 0 8 0
vmmpekpl 168 24300 0 24254 3 0 3 3 0 8 0
vmmpepl 168 194345 0 192093 129 22 107 112 0 357 4
vmsppl 488 3052 0 3019 6 1 5 5 0 8 0
rwobjpl 80 56557 0 49448 152 2 150 151 0 8 1
pdppl 4096 6114 0 6038 130 52 78 88 0 8 2
pvpl 32 19715 0 0 159 0 159 159 0 265 0
pmappl 256 3052 0 3019 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 420 0 85 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
icmp_mtudisc_timeout(fffffd806b6790c0,0) at icmp_mtudisc_timeout+0x123 sys/netinet/ip_icmp.c:1102
rt_timer_queue_flush(ffffffff839813a8) at rt_timer_queue_flush+0x28d sys/net/route.c:1586
ip_sysctl(ffff80002a346eac,1,0,ffff80002a346ed8,200000001300,4) at ip_sysctl+0x84d sys/netinet/ip_input.c:1750
net_sysctl(ffff80002a346ea4,3,0,ffff80002a346ed8,200000001300,4,4fc51ea41072f126) at net_sysctl+0x64e sys/kern/uipc_domain.c:260
sys_sysctl(ffff80002a322fd0,ffff80002a347010,ffff80002a346f60) at sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1
syscall(ffff80002a347010) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a347010) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x551d5d2cc00, count: -7
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7a5b87cadcf0, count: -3