kernel: protection fault trap, code=0 Stopped at in_pcb_iterator+0x12b: movq %rcx,0x8(%rdx) ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699 sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbeea7321530, count: -6 ddb> show registers rdi 0xffff800033926000 rsi 0x1e3 rbp 0xffff80003c9e5810 rbx 0 rdx 0x3f7ae8c55fc97732 rcx 0xffff80003c9e5840 rax 0xfffffd807818d008 r8 0x1c8 r9 0 r10 0x999ae9aab8bba9d0 r11 0xb574cb6c32751b6f r12 0xfffffd807818d148 r13 0xfffffd807818d000 r14 0xffffffff8396b5a8 tcbtable+0x10 r15 0xffff80003c9e5838 rip 0xffffffff830ab85b in_pcb_iterator+0x12b cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003c9e57b0 ss 0x10 in_pcb_iterator+0x12b: movq %rcx,0x8(%rdx) ddb> show proc PROC (syz-executor) tid=69273 pid=32556 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a8482c0,0xffff80002a8494c0 process=0xffff80002a7856b0 user=0xffff80003c9e0000, vmspace=0xfffffd807ace25a8 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 65061 106368 38469 0 2 0x10 syz-executor 65061 286470 38469 0 3 0x4000090 fsleep syz-executor 32556 272788 22116 0 2 0 syz-executor *32556 69273 22116 0 7 0x4000000 syz-executor 32556 291980 22116 0 3 0x4000080 fsleep syz-executor 49415 370519 49154 0 2 0 syz-executor 49415 283087 49154 0 3 0x4000080 fsleep syz-executor 49415 126021 49154 0 3 0x4000080 fsleep syz-executor 29570 111682 99572 0 2 0x10 syz-executor 29570 517144 99572 0 3 0x4000090 fsleep syz-executor 2859 237204 96463 0 2 0 syz-executor 2859 160169 96463 0 3 0x4000080 fsleep syz-executor 2859 476009 96463 0 2 0x4000000 syz-executor 28644 331439 91118 0 2 0 syz-executor 28644 381823 91118 0 2 0x4000000 syz-executor 92237 456252 0 0 3 0x14200 bored sosplice 65386 300061 0 0 3 0x14280 nfsidl nfsio 64601 400038 0 0 3 0x14280 nfsidl nfsio 49119 454022 0 0 3 0x14280 nfsidl nfsio 93693 169557 0 0 3 0x14280 nfsidl nfsio 37146 28078 0 0 3 0x14280 nfsidl nfsio 79040 258056 0 0 3 0x14280 nfsidl nfsio 73773 165146 0 0 3 0x14280 nfsidl nfsio 75241 391408 0 0 3 0x14280 nfsidl nfsio 50728 233896 0 0 3 0x14280 nfsidl nfsio 61453 415615 0 0 3 0x14280 nfsidl nfsio 11799 456717 0 0 3 0x14280 nfsidl nfsio 95944 186113 0 0 3 0x14280 nfsidl nfsio 99922 439860 0 0 3 0x14280 nfsidl nfsio 78408 135075 0 0 3 0x14280 nfsidl nfsio 43724 138161 0 0 3 0x14280 nfsidl nfsio 33780 379320 0 0 3 0x14280 nfsidl nfsio 7844 171615 0 0 3 0x14280 nfsidl nfsio 36718 60575 0 0 3 0x14280 nfsidl nfsio 17020 100578 0 0 3 0x14280 nfsidl nfsio 31395 57134 0 0 3 0x14280 nfsidl nfsio 49154 439718 53022 0 3 0x82 nanoslp syz-executor 8936 301832 53022 0 2 0x2 syz-executor 96463 164523 53022 0 3 0x82 nanoslp syz-executor 99572 506148 53022 0 3 0x82 nanoslp syz-executor 38469 170889 53022 0 3 0x82 nanoslp syz-executor 22116 125035 53022 0 3 0x82 nanoslp syz-executor 91118 276450 53022 0 3 0x82 nanoslp syz-executor 26189 55971 53022 0 3 0x82 nanoslp syz-executor 53022 193320 65430 0 3 0x82 kqread syz-executor 65430 251407 54419 0 3 0x10008a sigsusp ksh 54419 179545 83887 0 3 0x98 kqread sshd-session 83887 102677 11134 0 3 0x92 kqread sshd-session 31375 52368 1 0 3 0x100083 ttyin getty 11134 451847 1 0 3 0x88 kqread sshd 64768 515794 41476 73 3 0x1100090 kqread syslogd 41476 343891 1 0 3 0x100082 sbwait syslogd 76287 46199 1 0 3 0x100080 kqread resolvd 50279 115877 49627 77 3 0x100092 kqread dhcpleased 85954 118089 49627 77 3 0x100092 kqread dhcpleased 49627 32174 1 0 3 0x80 kqread dhcpleased 87840 357079 0 0 3 0x14200 bored smr 77582 209398 0 0 2 0x14200 zerothread 21773 35958 0 0 3 0x14200 aiodoned aiodoned 42433 159894 0 0 3 0x14200 syncer update 85297 27450 0 0 3 0x14200 cleaner cleaner 57708 302654 0 0 3 0x14200 reaper reaper 97371 453548 0 0 3 0x14200 pgdaemon pagedaemon 31611 453545 0 0 3 0x14200 bored viomb 46700 179229 0 0 3 0x40014200 acpi0 acpi0 6245 90158 0 0 3 0x14200 bored softnet3 10679 230886 0 0 3 0x14200 bored softnet2 25771 251787 0 0 3 0x14200 bored softnet1 86719 57916 0 0 3 0x14200 bored softnet0 12555 135944 0 0 3 0x14200 bored systqmp 53575 493150 0 0 3 0x14200 bored systq 52935 27538 0 0 3 0x40014200 tmoslp softclock 73645 77351 0 0 3 0x40014200 idle0 1 283915 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 11117K 11261K 166960K 11876 0 pcb 17 12K 12K 166960K 109 0 rtable 225 18K 18K 166960K 494 0 pf 33 13K 20K 166960K 94 0 ifaddr 41 7K 7K 166960K 82 0 ifgroup 52 2K 2K 166960K 130 0 sysctl 4 1K 9K 166960K 19 0 counters 35 18K 18K 166960K 76 0 ioctlops 0 0K 4K 166960K 103 0 iov 0 0K 16K 166960K 26 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1342 84K 84K 166960K 1841 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 10 68K 68K 166960K 14 0 dirhash 9 1K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 2113 0 sigio 0 0K 0K 166960K 7 0 proc 62 59K 91K 166960K 551 0 subproc 72 4K 4K 166960K 102 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 76 0 in_multi 92 6K 7K 166960K 147 0 ether_multi 1 0K 0K 166960K 11 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 430 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 220 143K 158K 166960K 18532 0 UVM aobj 12 4K 4K 166960K 13 0 pinsyscall 39 78K 94K 166960K 3171 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 26 0 NDP 12 0K 1K 166960K 54 0 temp 47 8681K 8792K 166960K 30519 0 kqueue 13 20K 26K 166960K 135 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 80 0 77 1 0 1 1 0 8 0 rtentry 136 140 0 47 4 0 4 4 0 8 0 unpcb 144 250 0 235 1 0 1 1 0 8 0 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpcb 736 113 0 108 1 0 1 1 0 8 0 arp 88 22 0 5 1 0 1 1 0 8 0 ipq 40 4 0 4 1 0 1 1 0 8 1 ipqe 40 4 0 4 1 0 1 1 0 8 1 inpcb 328 461 0 451 2 0 2 2 0 8 0 pool(inpcb): free list modified: page 0xfffffd807818d000; item ordinal 0; addr 0xfffffd807818d000 (p 0xfffffd807818d000); offset 0x0=0x7818d150 ip6q 72 3 0 3 1 0 1 1 0 8 1 ip6af 40 3 0 3 1 0 1 1 0 8 1 nd6 104 31 0 9 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 0 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1072 33 0 30 1 0 1 1 0 8 0 pppxif 1384 4 0 4 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstkey 128 1 0 1 1 0 1 1 0 8 1 pfstate 384 1 0 1 1 0 1 1 0 8 1 pfrule 1344 1 0 0 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 576 0 165 29 0 29 29 0 8 3 art_table 32 578 0 165 4 0 4 4 0 8 0 art_node 16 136 0 52 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 10 0 2 1 0 1 1 0 8 0 shmpl 112 10 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 10 3 0 3 3 0 8 1 dino2pl 256 4030 0 2491 97 0 97 97 0 8 0 ffsino 248 4030 0 2491 97 0 97 97 0 8 0 nchpl 144 6290 0 5734 64 34 30 64 0 8 8 rtmask 32 9 0 7 1 0 1 1 0 8 0 uvmvnodes 80 4371 0 0 90 0 90 90 0 8 0 vnodes 216 4371 0 0 243 0 243 243 0 8 0 namei 1024 15534 0 15534 6 3 3 3 0 8 3 kstatmem 264 72 0 48 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 5 0 5 1 0 1 1 0 8 1 scxspl 216 19637 0 19637 10 2 8 8 1 8 8 plimitpl 152 114 0 97 1 0 1 1 0 8 0 sigapl 424 2368 0 2301 8 0 8 8 0 8 0 knotepl 120 65941 0 65894 17 7 10 17 0 8 8 kqueuepl 184 164 0 155 1 0 1 1 0 8 0 pipepl 296 185 0 158 3 0 3 3 0 8 0 fdescpl 440 2331 0 2301 5 1 4 5 0 8 0 filepl 120 5324 0 5112 7 0 7 7 0 8 0 lockfpl 104 175 0 173 1 0 1 1 0 8 0 lockfspl 48 79 0 77 1 0 1 1 0 8 0 sessionpl 144 42 0 34 1 0 1 1 0 8 0 pgrppl 48 74 0 58 1 0 1 1 0 8 0 ucredpl 104 659 0 644 1 0 1 1 0 8 0 zombiepl 144 2727 0 2726 3 2 1 1 0 8 0 processpl 1160 2368 0 2301 5 0 5 5 0 8 0 procpl 656 4684 0 4608 7 0 7 7 0 8 0 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 528 805 0 776 3 0 3 3 0 8 0 mcl64k 65536 361 0 361 3 2 1 1 0 8 1 mcl16k 16384 352 0 352 2 1 1 1 0 8 1 mcl12k 12288 335 0 335 2 1 1 1 0 8 1 mcl9k 9216 100 0 100 3 2 1 1 0 8 1 mcl8k 8192 571 0 571 4 3 1 1 0 8 1 mcl4k 4096 6646 0 6597 17 10 7 16 0 8 0 mcl2k2 2112 6 0 6 3 2 1 1 0 8 1 mcl2k 2048 447 0 444 2 1 1 1 0 8 0 mtagpl 96 21 0 7 3 2 1 1 0 8 0 mbufpl 256 26494 0 26283 17 1 16 16 0 8 1 bufpl 280 4926 0 120 344 0 344 344 0 8 0 anonpl 24 238325 0 235329 45 2 43 43 0 187 20 amapchunkpl 152 62103 0 61655 38 7 31 31 0 158 13 amappl16 200 2830 0 2798 18 8 10 14 0 8 8 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 106 0 96 1 0 1 1 0 8 0 amappl13 176 11 0 11 2 1 1 1 0 8 1 amappl12 168 3042 0 3013 2 0 2 2 0 8 0 amappl11 160 65 0 55 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 18 0 17 1 0 1 1 0 8 0 amappl7 128 104 0 94 1 0 1 1 0 8 0 amappl6 120 178 0 173 1 0 1 1 0 8 0 amappl5 112 171 0 165 1 0 1 1 0 8 0 amappl4 104 287 0 273 1 0 1 1 0 8 0 amappl3 96 13494 0 13391 3 0 3 3 0 8 0 amappl2 88 626 0 572 2 0 2 2 0 8 0 amappl1 80 15902 0 15360 13 1 12 13 0 8 0 amappl 88 17682 0 17524 5 1 4 4 0 92 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 12 0 1 1 0 1 1 0 8 0 uaddrrnd 24 2331 0 2301 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2331 0 2301 1 0 1 1 0 8 0 vmmpekpl 168 15820 0 15778 3 0 3 3 0 8 0 vmmpepl 168 137063 0 135191 99 7 92 92 0 357 10 vmsppl 360 2330 0 2301 4 1 3 4 0 8 0 rwobjpl 32 34973 0 29758 43 0 43 43 0 8 0 pdppl 4096 4668 0 4602 107 41 66 80 0 8 0 pvpl 32 873189 0 864362 115 1 114 114 0 265 36 pmappl 216 2330 0 2301 3 1 2 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 297 0 65 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699 sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbeea7321530, count: -6 ddb> machine ddbcpu 1 No such command ddb> trace in_pcb_iterator(ffffffff8396b598,fffffd807818d148,ffff80003c9e5838) at in_pcb_iterator+0x12b sys/netinet/in_pcb.c:699 sysctl_file(ffff80003c9e5b38,4,200000000100,ffff80003c9e5b68,ffff80002a848d00) at sysctl_file+0xc57 sys/kern/kern_sysctl.c:-1 kern_sysctl(ffff80003c9e5b34,5,200000000100,ffff80003c9e5b68,0,37,9da5c9272c5fd11d) at kern_sysctl+0x167 sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a848d00,ffff80003c9e5ca0,ffff80003c9e5bf0) at sys_sysctl+0x3f2 sys/kern/kern_sysctl.c:-1 syscall(ffff80003c9e5ca0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9e5ca0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbeea7321530, count: -6