kernel: protection fault trap, code=0
Stopped at __x86_indirect_thunk_r11+0x14: ret
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
__x86_indirect_thunk_r11() at __x86_indirect_thunk_r11+0x14
rt_clone(ffff80002a0fe408,fffffd806f108480,0) at rt_clone+0x98 sys/net/route.c:383
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 rt_match sys/net/route.c:360 [inline]
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 rtalloc_mpath sys/net/route.c:476 [inline]
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 sys/net/route.c:255
in_pcbselsrc(ffff80002a0fe4f8,fffffd806349fe20,fffffd806f1083f0) at in_pcbselsrc+0x250
in_pcbconnect(fffffd806f1083f0,fffffd806349fe00) at in_pcbconnect+0x11a sys/netinet/in_pcb.c:522
udp_connect(ffff80000137e2d8,fffffd806349fe00) at udp_connect+0xe3 sys/netinet/udp_usrreq.c:1170
sys_connect(ffff800029fe6f60,ffff80002a0fe6f0,ffff80002a0fe640) at sys_connect+0x345 sys/kern/uipc_syscalls.c:422
syscall(ffff80002a0fe6f0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0fe6f0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xff648804900, count: -9
ddb{1}> show registers
rdi 0xffff80000128f800
rsi 0xb
rbp 0xffff80002a0fe2e0
rbx 0xffff800000b44500
rdx 0xfffffd806eff9460
rcx 0x883
rax 0xffffffff81008835 rtrequest+0xbb5
r8 0x100
r9 0
r10 0xbb69e77656b14b80
r11 0x4fc7900000000
r12 0xffff80002a0fe398
r13 0
r14 0xfffffd806eff9460
r15 0xffff80002a0fe2f8
rip 0xffffffff813c9304 __x86_indirect_thunk_r11+0x14
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a0fe1e0
ss 0x10
__x86_indirect_thunk_r11+0x14: ret
ddb{1}> show proc
PROC (syz-executor) tid=205953 pid=4361 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=83, usrpri=84, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800029fe7980,0xffffffff8356c0f0
process=0xffff8000371af1f8 user=0xffff80002a0f9000, vmspace=0xfffffd806ca786f8
estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
4361 370959 17885 0 3 0x80 fsleep syz-executor
* 4361 205953 17885 0 7 0x4000000 syz-executor
78540 492308 31438 0 3 0x80 fsleep syz-executor
78540 247741 31438 0 3 0x4000080 rest syz-executor
35062 516356 8048 0 3 0x80 fsleep syz-executor
35062 158153 8048 0 3 0x4000080 sbwait syz-executor
92790 193958 22763 0 3 0x82 piperd syz-executor
58447 505282 22763 0 3 0x82 piperd syz-executor
17885 501441 22763 0 3 0x82 nanoslp syz-executor
67479 95349 22763 0 3 0x82 piperd syz-executor
94525 182675 22763 0 7 0x2 syz-executor
8048 82210 22763 0 3 0x82 nanoslp syz-executor
31438 365045 22763 0 3 0x82 nanoslp syz-executor
77455 113404 1 0 3 0x100083 ttyin getty
22025 375627 0 0 3 0x14200 bored sosplice
22763 159350 35838 0 3 0x82 wait syz-executor
35838 48153 6357 0 3 0x10008a sigsusp ksh
6357 400172 23043 0 3 0x98 kqread sshd-session
23043 438969 82614 0 3 0x92 kqread sshd-session
82614 14961 1 0 3 0x88 kqread sshd
53732 250479 18161 74 3 0x1100092 bpf pflogd
18161 326937 1 0 3 0x80 sbwait pflogd
75734 20614 22924 73 3 0x1100090 kqread syslogd
22924 322407 1 0 3 0x100082 sbwait syslogd
89141 17078 1 0 3 0x100080 kqread resolvd
3393 314778 84749 77 3 0x100092 kqread dhcpleased
90195 253411 84749 77 3 0x100092 kqread dhcpleased
84749 104661 1 0 3 0x80 kqread dhcpleased
90366 303301 0 0 3 0x14200 bored smr
2175 11229 0 0 2 0x14200 zerothread
32871 352321 0 0 3 0x14200 aiodoned aiodoned
46405 455257 0 0 3 0x14200 syncer update
47319 362424 0 0 3 0x14200 cleaner cleaner
50610 5684 0 0 3 0x14200 reaper reaper
78984 150869 0 0 3 0x14200 pgdaemon pagedaemon
14074 329608 0 0 3 0x14200 bored viomb
5237 149713 0 0 3 0x40014200 acpi0 acpi0
22527 195848 0 0 3 0x40014200 idle1
60576 2159 0 0 3 0x14200 bored softnet3
42581 333685 0 0 3 0x14200 bored softnet2
55748 502171 0 0 3 0x14200 bored softnet1
93652 114055 0 0 3 0x14200 bored softnet0
70884 499706 0 0 3 0x14200 bored systqmp
28423 129964 0 0 3 0x14200 bored systq
57864 214035 0 0 3 0x14200 tmoslp softclockmp
83394 194523 0 0 3 0x40014200 tmoslp softclock
73513 46819 0 0 3 0x40014200 idle0
1 37917 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 4361 (syz-executor) thread 0xffff800029fe6f60 (205953)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835c1298)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rt_clone+0x72
#2 route_mpath+0x170 rt_match sys/net/route.c:360 [inline]
#2 route_mpath+0x170 rtalloc_mpath sys/net/route.c:476 [inline]
#2 route_mpath+0x170 sys/net/route.c:255
#3 in_pcbselsrc+0x250
#4 in_pcbconnect+0x11a sys/netinet/in_pcb.c:522
#5 udp_connect+0xe3 sys/netinet/udp_usrreq.c:1170
#6 sys_connect+0x345 sys/kern/uipc_syscalls.c:422
#7 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#7 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#8 Xsyscall+0x128
exclusive rwlock inet r = 0 (0xffff80000137e2f0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 sys_connect+0x27f sys/kern/uipc_syscalls.c:413
#2 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#2 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#3 Xsyscall+0x128
shared rwlock netlock r = 0 (0xffffffff834a7990)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 solock_shared+0xcf
#2 sys_connect+0x27f sys/kern/uipc_syscalls.c:413
#3 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#3 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#4 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10207 11135K 11512K 166960K 12596 0
pcb 17 18K 19K 166960K 349 0
rtable 217 9K 9K 166960K 1263 0
pf 42 19K 23K 166960K 221 0
ifaddr 45 8K 9K 166960K 207 0
ifgroup 63 2K 2K 166960K 261 0
sysctl 4 1K 1K 166960K 8 0
counters 68 36K 37K 166960K 184 0
ioctlops 0 0K 4K 166960K 1670 0
iov 0 0K 16K 166960K 58 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1364 86K 86K 166960K 2590 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 5K 13K 166960K 22 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 144 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 13 45K 93K 166960K 1651 0
sigio 0 0K 0K 166960K 101 0
proc 72 91K 128K 166960K 1575 0
subproc 104 6K 6K 166960K 591 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 1 0K 0K 166960K 170 0
in_multi 89 6K 7K 166960K 435 0
ether_multi 1 0K 0K 166960K 8 0
mrt 1 0K 0K 166960K 3 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 103 466K 466K 166960K 103 0
exec 0 0K 1K 166960K 966 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 204 72K 91K 166960K 14992 0
UVM aobj 34 6K 6K 166960K 41 0
pinsyscall 38 76K 106K 166960K 3534 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 76 0
NDP 14 0K 2K 166960K 139 0
temp 79 6824K 6904K 166960K 72970 0
kqueue 13 20K 28K 166960K 204 0
SYN cache 2 10K 18K 166960K 3 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 139 0 136 1 0 1 1 0 8 0
rtentry 112 432 0 337 4 1 3 4 0 8 0
unpcb 144 937 0 918 11 7 4 6 0 8 3
syncache 336 11 0 11 4 4 0 1 0 8 0
tcpqe 32 3 0 3 2 2 0 1 0 8 0
tcpcb 808 498 0 491 14 12 2 8 0 8 1
arp 120 71 0 53 1 0 1 1 0 8 0
inpcb 336 2162 0 2149 23 18 5 12 0 8 3
nd6 136 106 0 84 1 0 1 1 0 8 0
pkpcb 40 67 0 67 2 2 0 1 0 8 0
kcovpl 48 45 0 37 1 0 1 1 0 8 0
ppxss 1168 18 0 18 4 3 1 1 0 8 1
pfstscr 40 3 0 3 3 2 1 1 0 8 1
pffrag 232 10 0 4 1 0 1 1 0 482 0
pffrnode 88 9 0 4 1 0 1 1 0 8 0
pffrent 40 14 0 8 1 0 1 1 0 8 0
pfosfp 40 1428 0 1428 5 5 0 5 0 8 0
pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0
pfrktable 1344 5 0 2 1 0 1 1 0 8 0
pfanchor 1288 8 0 0 1 0 1 1 0 8 0
pftag 88 3 0 1 2 1 1 1 0 8 0
pfstitem 24 125 0 65 1 0 1 1 0 8 0
pfstkey 128 129 0 69 3 0 3 3 0 8 0
pfstate 376 127 0 68 7 0 7 7 0 8 0
pfrule 1344 38 0 27 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1693 0 1276 32 5 27 31 0 8 0
art_table 32 1694 0 1276 4 0 4 4 0 8 0
art_node 16 412 0 328 1 0 1 1 0 8 0
sysvmsgpl 40 13 0 8 1 0 1 1 0 8 0
semapl 112 140 0 130 1 0 1 1 0 8 0
shmpl 112 38 0 7 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 3542 0 1985 98 0 98 98 0 8 0
ffsino 272 3542 0 1985 104 0 104 104 0 8 0
nchpl 144 5279 0 3555 65 0 65 65 0 8 0
uvmvnodes 80 4516 0 0 93 0 93 93 0 8 0
vnodes 216 4516 0 0 251 0 251 251 0 8 0
namei 1024 20990 0 20990 3 2 1 2 0 8 1
percpumem 16 106 0 58 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 144 0 116 4 1 3 3 0 8 1
scsiplug 72 3 0 3 2 2 0 1 0 8 0
scxspl 216 27172 0 27171 13 11 2 8 1 8 1
plimitpl 152 349 0 332 1 0 1 1 0 8 0
sigapl 424 1886 0 1840 7 1 6 7 0 8 0
futexpl 64 16507 0 16504 2 1 1 1 0 8 0
knotepl 120 594 0 0 18 1 17 18 0 8 0
kqueuepl 216 425 0 416 6 5 1 4 0 8 0
pipepl 320 408 0 381 8 0 8 8 0 8 5
fdescpl 496 1867 0 1840 6 1 5 5 0 8 0
filepl 152 10995 0 10744 28 12 16 18 0 8 5
lockfpl 104 379 0 377 1 0 1 1 0 8 0
lockfspl 48 150 0 148 1 0 1 1 0 8 0
sessionpl 144 69 0 60 1 0 1 1 0 8 0
pgrppl 48 131 0 114 1 0 1 1 0 8 0
ucredpl 104 1431 0 1418 1 0 1 1 0 8 0
zombiepl 144 1841 0 1840 2 1 1 1 0 8 0
processpl 1160 1886 0 1840 5 1 4 5 0 8 0
procpl 648 3672 0 3623 7 1 6 7 0 8 0
srpgc 96 3 0 3 1 1 0 1 0 8 0
sosppl 168 12 0 12 3 3 0 1 0 8 0
sockpl 664 3322 0 3287 39 30 9 20 0 8 5
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 142 0 0 18 0 18 18 0 8 0
mcl2k 2048 27 0 0 4 0 4 4 0 8 0
mtagpl 96 74 0 0 2 0 2 2 0 8 0
mbufpl 256 446 0 0 27 0 27 27 0 8 0
bufpl 280 7768 0 1594 442 0 442 442 0 8 0
anonpl 24 250059 0 246057 107 58 49 76 0 185 19
amapchunkpl 152 47259 0 46822 53 28 25 35 0 158 4
amappl16 200 4378 0 4351 49 38 11 15 0 8 8
amappl15 192 23 0 23 1 1 0 1 0 8 0
amappl14 184 179 0 167 1 0 1 1 0 8 0
amappl13 176 6 0 6 1 1 0 1 0 8 0
amappl12 168 2996 0 2969 4 2 2 3 0 8 0
amappl11 160 63 0 49 1 0 1 1 0 8 0
amappl10 152 10 0 10 1 1 0 1 0 8 0
amappl9 144 183 0 183 1 1 0 1 0 8 0
amappl8 136 25 0 21 1 0 1 1 0 8 0
amappl7 128 158 0 145 1 0 1 1 0 8 0
amappl6 120 473 0 472 1 0 1 1 0 8 0
amappl5 112 278 0 267 1 0 1 1 0 8 0
amappl4 104 428 0 407 1 0 1 1 0 8 0
amappl3 96 9611 0 9525 4 1 3 4 0 8 0
amappl2 88 1155 0 1086 2 0 2 2 0 8 0
amappl1 80 15630 0 15079 16 2 14 14 0 8 0
amappl 88 14295 0 14153 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 20 0 19 1 0 1 1 0 8 0
aobjpl 72 40 0 7 1 0 1 1 0 8 0
uaddrrnd 24 1867 0 1840 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1867 0 1840 1 0 1 1 0 8 0
vmmpekpl 168 16782 0 16726 4 0 4 4 0 8 0
vmmpepl 168 119114 0 117461 109 25 84 96 0 357 2
vmsppl 440 1866 0 1840 6 2 4 5 0 8 0
rwobjpl 56 37867 0 32421 80 2 78 78 0 8 0
pdppl 4096 3741 0 3680 148 75 73 85 0 8 12
pvpl 32 32572 0 0 263 0 263 263 0 265 0
pmappl 248 1866 0 1840 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 491 0 123 11 0 11 11 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff8349dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff835c1090) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835c1090) at __mp_lock+0x192 sys/kern/kern_lock.c:144
intr_handler(ffff8000311800f0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff835c1090) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835c1090) at __mp_lock+0x199 sys/kern/kern_lock.c:144
syscall(ffff8000311802c0) at syscall+0x2cc mi_syscall sys/sys/syscall_mi.h:156 [inline]
syscall(ffff8000311802c0) at syscall+0x2cc sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x73db739adae0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at __x86_indirect_thunk_r11+0x14: ret
ddb{1}> trace
__x86_indirect_thunk_r11() at __x86_indirect_thunk_r11+0x14
rt_clone(ffff80002a0fe408,fffffd806f108480,0) at rt_clone+0x98 sys/net/route.c:383
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 rt_match sys/net/route.c:360 [inline]
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 rtalloc_mpath sys/net/route.c:476 [inline]
route_mpath(fffffd806f108468,fffffd806349fe24,0,0) at route_mpath+0x170 sys/net/route.c:255
in_pcbselsrc(ffff80002a0fe4f8,fffffd806349fe20,fffffd806f1083f0) at in_pcbselsrc+0x250
in_pcbconnect(fffffd806f1083f0,fffffd806349fe00) at in_pcbconnect+0x11a sys/netinet/in_pcb.c:522
udp_connect(ffff80000137e2d8,fffffd806349fe00) at udp_connect+0xe3 sys/netinet/udp_usrreq.c:1170
sys_connect(ffff800029fe6f60,ffff80002a0fe6f0,ffff80002a0fe640) at sys_connect+0x345 sys/kern/uipc_syscalls.c:422
syscall(ffff80002a0fe6f0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0fe6f0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xff648804900, count: -9