

protection_fault: icmp_mtudisc_timeout (3)

Status: upstream: reported on 2025/02/20 20:37
Reported-by: syzbot+d7136bbffe89074ac63e@syzkaller.appspotmail.com
First crash: 2d00h, last: 2d00h
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | protection_fault: icmp_mtudisc_timeout (2) | | | | 1 | 164d | 164d | 0/3 | auto-obsoleted due to no activity on 2024/12/10 05:16 |
| openbsd | protection_fault: icmp_mtudisc_timeout | | | | 3 | 326d | 379d | 0/3 | auto-obsoleted due to no activity on 2024/07/01 04:08 |

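Sample crash report (ddb console output; the faulting instruction loads through %rax, which `show registers` reports as 0x22c648ba0f73c4b8, a non-canonical address):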
kernel: protection fault trap, code=0
Stopped at      icmp_mtudisc_timeout+0x111:     movq    0(%rax),%rcx
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
icmp_mtudisc_timeout(fffffd806bb0b320,0) at icmp_mtudisc_timeout+0x111 sys/netinet/ip_icmp.c:1083
rt_timer_queue_flush(ffffffff83971a58) at rt_timer_queue_flush+0x281 sys/net/route.c:1580
ip_sysctl(ffff80003c4de8ac,1,0,ffff80003c4de8d8,400000001300,4) at ip_sysctl+0x7b4 sys/netinet/ip_input.c:1740
net_sysctl(ffff80003c4de8a4,3,0,ffff80003c4de8d8,400000001300,4,1f4a54ed39fd0ac6) at net_sysctl+0x64a sys/kern/uipc_domain.c:256
sys_sysctl(ffff80003acca2d0,ffff80003c4dea10,ffff80003c4de960) at sys_sysctl+0x425
syscall(ffff80003c4dea10) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4dea10) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3505037f0a0, count: -7
ddb{1}> show registers
rdi                             0x14
rsi                             0x14
rbp               0xffff80003c4de6f0
rbx                              0x3
rdx               0xffff8000016313c0
rcx               0xffff80003acca2d0
rax               0x22c648ba0f73c4b8
r8                0xffffffff820f4520    tcp_mtudisc_increase
r9                                 0
r10                0x1071057901b92c3
r11               0xc30f3b69f8a37b48
r12               0xffff800000039058
r13                             0x14
r14                                0
r15               0xfffffd806bb0b320
rip               0xffffffff82886fa1    icmp_mtudisc_timeout+0x111
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80003c4de6a0
ss                              0x10
icmp_mtudisc_timeout+0x111:     movq    0(%rax),%rcx
ddb{1}> show proc
PROC (syz-executor) tid=124204 pid=41322 tcnt=2 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=32, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000ffffd9b0,0xffff80002a37d738
    process=0xffff8000ffff7740 user=0xffff80003c4d9000, vmspace=0xfffffd806be8fc90
    estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 99845  423629  42223      0  7           0                syz-executor
 41322  372172  49088      0  2           0                syz-executor
*41322  124204  49088      0  7   0x4000000                syz-executor
  5859  390889  87620      0  3        0x80  nanoslp       syz-executor
  5859  137472  87620      0  3   0x4000080  ttyin         syz-executor
 73964  253441   9544      0  3        0x80  nanoslp       syz-executor
 73964  299125   9544      0  3   0x4000000  smrbar        syz-executor
 73964  489359   9544      0  3   0x4000080  fsleep        syz-executor
 74745  107781  19985      0  3        0x80  nanoslp       syz-executor
 74745  159703  19985      0  3   0x4000080  bell          syz-executor
 74745   75801  19985      0  3   0x4000080  kqsel         syz-executor
 74745  384401  19985      0  3   0x4000080  fsleep        syz-executor
 80468  267732  17689      0  3        0x80  nanoslp       syz-executor
 80468  501246  17689      0  3   0x4000080  pipewr        syz-executor
 80468   52821  17689      0  3   0x4000080  fsleep        syz-executor
 17689  292262  54705      0  3        0x82  nanoslp       syz-executor
 49345  337632      0      0  3     0x14200  acct          acct
 49088  323876  54705      0  3        0x82  nanoslp       syz-executor
 66445  412283      1      0  3    0x100083  ttyin         getty
 87620  476565  54705      0  3        0x82  nanoslp       syz-executor
 42223  113558  54705      0  3        0x82  nanoslp       syz-executor
 46235   99315  59086      0  3        0x82  sbwait        sshd-session
 46496  143454  59086      0  3        0x82  sbwait        sshd-session
  8054  109524      0      0  3     0x14200  bored         sosplice
  9544  272422  54705      0  3        0x82  nanoslp       syz-executor
 96803  109702  54705      0  3        0x82  nanoslp       syz-executor
 19985  235843  54705      0  3        0x82  nanoslp       syz-executor
 40957  181075  54705      0  3         0x2  biowait       syz-executor
 54705  460943  72884      0  2         0x2                syz-executor
 72884  305485  59628      0  3    0x10008a  sigsusp       ksh
 59628  351263  71417      0  3        0x98  kqread        sshd-session
 71417  320605  59086      0  3        0x92  kqread        sshd-session
 59086  354977      1      0  3        0x88  kqread        sshd
 76279   80646  51259     74  3   0x1100092  bpf           pflogd
 51259  496208      1      0  3        0x80  sbwait        pflogd
 50477    6889  67230     73  3   0x1100090  kqread        syslogd
 67230  479480      1      0  3    0x100082  sbwait        syslogd
 60110  429074      1      0  3    0x100080  kqread        resolvd
 99742  475082  44766     77  3    0x100092  kqread        dhcpleased
   937  493758  44766     77  3    0x100092  kqread        dhcpleased
 44766  128684      1      0  3        0x80  kqread        dhcpleased
 27612  125979      0      0  3     0x14200  bored         smr
  2735  230913      0      0  2     0x14200                zerothread
 40941  361976      0      0  3     0x14200  aiodoned      aiodoned
 77678  436155      0      0  3     0x14200  syncer        update
 35953  373284      0      0  3     0x14200  cleaner       cleaner
 99397   12401      0      0  3     0x14200  reaper        reaper
 83497  302135      0      0  3     0x14200  pgdaemon      pagedaemon
 49831   83136      0      0  3     0x14200  bored         viomb
 14167   24538      0      0  3  0x40014200  acpi0         acpi0
 86274  355021      0      0  3  0x40014200                idle1
 87914   40408      0      0  3     0x14200  bored         softnet3
 11911  347953      0      0  3     0x14200  bored         softnet2
 68573  361500      0      0  3     0x14200  bored         softnet1
 86348  225347      0      0  3     0x14200  bored         softnet0
 28224  227360      0      0  3     0x14200  bored         systqmp
 59511   88617      0      0  3     0x14200  bored         systq
 82715  130661      0      0  3     0x14200  tmoslp        softclockmp
 52503  299556      0      0  3  0x40014200  tmoslp        softclock
 45024  215734      0      0  3  0x40014200                idle0
     1  268106      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb{1}> show all locks
Process 99845 (syz-executor) thread 0xffff80002a37d728 (423629)
Process 41322 (syz-executor) thread 0xffff80003acca2d0 (124204)
Process 73964 (syz-executor) thread 0xffff80002a3819c8 (299125)
Process 40957 (syz-executor) thread 0xffff80002a37c538 (181075)
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10249  11244K   12705K 166960K     15198        0
            pcb    18     20K      22K 166960K       536        0
         rtable   202      8K      10K 166960K       682        0
             pf    39     18K      19K 166960K       230        0
         ifaddr    39      7K       8K 166960K       141        0
        ifgroup    62      2K       2K 166960K       254        0
         sysctl     4      1K       1K 166960K         6        0
       counters    68     36K      37K 166960K       226        0
       ioctlops     0      0K       4K 166960K      1814        0
            iov     0      0K      28K 166960K        95        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1535     96K      97K 166960K      3320        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        39        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       239        0
        dirhash    12      2K       2K 166960K        45        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    17     61K     110K 166960K      1993        0
          sigio     0      0K       0K 166960K        50        0
           proc    73     91K     140K 166960K       838        0
        subproc    72      4K       4K 166960K       109        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       315        0
       in_multi    75      5K       7K 166960K       243        0
    ether_multi     1      0K       0K 166960K        43        0
            mrt     2      0K       0K 166960K        13        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   235   1049K    1049K 166960K       235        0
           exec     0      0K       1K 166960K       667        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         6        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   243     74K      87K 166960K     20475        0
       UVM aobj   101      3K       3K 166960K       105        0
     pinsyscall    46     92K     104K 166960K      3234        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        96        0
            NDP    14      0K       2K 166960K        99        0
           temp    82   8644K    8741K 166960K     75527        0
         kqueue    15     24K      32K 166960K       348        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      301    0      298     3     0     3     3     0     8    2
rtentry    112      211    0      124     4     0     4     4     0     8    0
unpcb      144     1822    0     1803    15    13     2     9     0     8    1
syncache   336       12    0       12     4     4     0     1     0     8    0
tcpqe       32        2    0        2     1     1     0     1     0     8    0
tcpcb      808      944    0      934    16    11     5    11     0     8    3
arp        120       32    0       14     1     0     1     1     0     8    0
inpcb      376     2953    0     2939    30    20    10    15     0     8    8
nd6        136       42    0       23     1     0     1     1     0     8    0
pkpcb       40       17    0       17     3     2     1     1     0     8    1
kcovpl      48       12    0        4     1     0     1     1     0     8    0
ppxss      1168      53    0       52     2     1     1     1     0     8    0
pppxif     1472       8    0        8     3     2     1     1     0     8    1
pffrag     232       63    0       54     2     1     1     1     0   482    0
pffrnode    88       62    0       54     2     1     1     1     0     8    0
pffrent     40      181    0      172     2     1     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      144    0       47     1     0     1     1     0     8    0
pfstkey    128      144    0       47     4     0     4     4     0     8    0
pfstate    376      144    0       47    10     0    10    10     0     8    0
pfrule     1344      21    0       15     2     0     2     2     0     8    0
rttmr      136        3    0        2     1     0     1     1     0     8    0
art_heap8  4096       4    0        0     4     0     4     4     0     8    0
art_heap4  256      845    0      497    33     7    26    30     0     8    3
art_table   32      849    0      497     4     0     4     4     0     8    0
art_node    16      199    0      121     1     0     1     1     0     8    0
sysvmsgpl   40        5    0        3     1     0     1     1     0     8    0
semupl     112        1    0        1     1     0     1     1     0     8    1
semapl     112      237    0      227     1     0     1     1     0     8    0
shmpl      112      102    0        4     3     0     3     3     0     8    0
dirhash    1024      40    0       23     3     0     3     3     0     8    0
dino2pl    256     4918    0     3405    95     0    95    95     0     8    0
ffsino     280     4918    0     3405   109     0   109   109     0     8    0
nchpl      144     7601    0     5896    64     0    64    64     0     8    0
rtmask      32        5    0        5     3     2     1     1     0     8    1
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   26858    0    26858     2     1     1     2     0     8    1
percpumem   16      127    0       79     1     0     1     1     0     8    0
kstatmem   264      148    0      120     2     0     2     2     0     8    0
scsiplug    72        2    0        2     2     2     0     1     0     8    0
scxspl     216    26720    0    26719    15    14     1     8     1     8    0
plimitpl   152      516    0      497     1     0     1     1     0     8    0
sigapl     424     2314    0     2261    11     4     7     9     0     8    0
futexpl     64    30884    0    30881     1     0     1     1     0     8    0
knotepl    120      603    0        0    18     0    18    18     0     8    0
kqueuepl   216     1079    0     1066    10     5     5     5     0     8    4
pipepl     328      369    0      338     8     5     3     8     0     8    0
fdescpl    504     2268    0     2235     5     0     5     5     0     8    0
filepl     152    16431    0    16189    29    14    15    22     0     8    4
lockfpl    104      752    0      750     4     3     1     4     0     8    0
lockfspl    48      210    0      208     1     0     1     1     0     8    0
sessionpl  144       37    0       26     1     0     1     1     0     8    0
pgrppl      48       80    0       61     1     0     1     1     0     8    0
ucredpl    104     2205    0     2192     1     0     1     1     0     8    0
zombiepl   144     3192    0     3191     2     1     1     1     0     8    0
processpl  1176    2314    0     2261     6     1     5     6     0     8    0
procpl     656     5402    0     5340     9     2     7     8     0     8    0
srpgc       96       19    0       19     4     3     1     1     0     8    1
sosppl     168       11    0       11     4     3     1     1     0     8    1
sockpl     688     5202    0     5166    39    27    12    22     0     8    6
mcl64k     65536      5    0        0     1     0     1     1     0     8    0
mcl16k     16384      2    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       1    0        0     1     0     1     1     0     8    0
mcl8k      8192       6    0        0     1     0     1     1     0     8    0
mcl4k      4096     125    0        0    16     0    16    16     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048      53    0        0     7     0     7     7     0     8    0
mtagpl      96      161    0        0     4     0     4     4     0     8    0
mbufpl     256      448    0        0    26     0    26    26     0     8    0
bufpl      280     8001    0     1847   440     0   440   440     0     8    0
anonpl      24   300408    0   295941    86    32    54    69     0   184    9
amapchunkpl 152   67202    0    66667    46    18    28    33     0   158    2
amappl16   200     6186    0     6149    56    42    14    27     0     8    8
amappl15   192        2    0        2     1     1     0     1     0     8    0
amappl14   184      143    0      129     1     0     1     1     0     8    0
amappl13   176        9    0        9     3     3     0     1     0     8    0
amappl12   168     2991    0     2959     4     1     3     3     0     8    0
amappl11   160       53    0       39     1     0     1     1     0     8    0
amappl10   152        9    0        9     1     1     0     1     0     8    0
amappl9    144      287    0      287     1     1     0     1     0     8    0
amappl8    136       23    0       20     1     0     1     1     0     8    0
amappl7    128      128    0      114     1     0     1     1     0     8    0
amappl6    120      228    0      222     1     0     1     1     0     8    0
amappl5    112      139    0      129     1     0     1     1     0     8    0
amappl4    104      371    0      352     1     0     1     1     0     8    0
amappl3     96    13716    0    13604     4     0     4     4     0     8    0
amappl2     88      813    0      737     2     0     2     2     0     8    0
amappl1     80    15947    0    15198    18     0    18    18     0     8    0
amappl      88    19903    0    19726     5     0     5     5     0    92    0
dma32768   32768      1    0        1     1     1     0     1     0     8    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       19    0       18     1     0     1     1     0     8    0
aobjpl      72      104    0        4     2     0     2     2     0     8    0
uaddrrnd    24     2268    0     2235     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2268    0     2235     1     0     1     1     0     8    0
vmmpekpl   168    19261    0    19207     4     0     4     4     0     8    0
vmmpepl    168   143815    0   141667   125    17   108   108     0   357    3
vmsppl     456     2267    0     2235     6     1     5     5     0     8    0
rwobjpl     64    44665    0    37493   122     1   121   121     0     8    2
pdppl      4096    4544    0     4470   114    38    76    84     0     8    2
pvpl        32    18375    0        0   150     2   148   148     0   265    0
pmappl     248     2267    0     2235     3     0     3     3     0     8    0
extentpl    40       55    0       38     1     0     1     1     0     8    0
phpool     112      334    0       65     8     0     8     8     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144
intr_handler(ffff80002a394290,ffff800000079f00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
pmap_enter(fffffd806bd294e8,853e41ea000,77cc9000,3,22) at pmap_enter+0xd4f sys/arch/amd64/amd64/pmap.c:2966
uvm_fault_upper(ffff80002a394678,ffff80002a3946b0,ffff80002a394570) at uvm_fault_upper+0x32f sys/uvm/uvm_fault.c:1100
uvm_fault(fffffd807eb8cc78,853e41ea000,0,2) at uvm_fault+0x19c sys/uvm/uvm_fault.c:676
upageflttrap(ffff80002a394800,853e41eae10) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff80002a394800) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x708e180aebc0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at      icmp_mtudisc_timeout+0x111:     movq    0(%rax),%rcx
ddb{1}> trace
icmp_mtudisc_timeout(fffffd806bb0b320,0) at icmp_mtudisc_timeout+0x111 sys/netinet/ip_icmp.c:1083
rt_timer_queue_flush(ffffffff83971a58) at rt_timer_queue_flush+0x281 sys/net/route.c:1580
ip_sysctl(ffff80003c4de8ac,1,0,ffff80003c4de8d8,400000001300,4) at ip_sysctl+0x7b4 sys/netinet/ip_input.c:1740
net_sysctl(ffff80003c4de8a4,3,0,ffff80003c4de8d8,400000001300,4,1f4a54ed39fd0ac6) at net_sysctl+0x64a sys/kern/uipc_domain.c:256
sys_sysctl(ffff80003acca2d0,ffff80003c4dea10,ffff80003c4de960) at sys_sysctl+0x425
syscall(ffff80003c4dea10) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4dea10) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3505037f0a0, count: -7

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/20 20:37 | openbsd | e17cfef6a95f | 0808a665 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | protection_fault: icmp_mtudisc_timeout |