kernel: protection fault trap, code=0 Stopped at nd6_timer+0x57: movq 0x48(%r13),%r12 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace nd6_timer(0) at nd6_timer+0x57 sys/netinet6/nd6.c:278 timeout_run(ffffffff82e5ac08) at timeout_run+0xd0 sys/kern/kern_timeout.c:666 softclock_thread(ffff8000fffff480) at softclock_thread+0x113 sys/kern/kern_timeout.c:814 end trace frame: 0x0, count: -3 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a10b820 rbx 0x5ddffb6cb5992b18 rdx 0 rcx 0xffff8000fffff480 rax 0xffffffff82d37ff0 cpu_info_full_primary+0x1ff0 r8 0 r9 0 r10 0x7e94e6a52a64d234 r11 0x447e91ebb7aaa861 r12 0x1 r13 0xdead4110dead4110 r14 0x7c r15 0x7a rip 0xffffffff82136b47 nd6_timer+0x57 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a10b7e0 ss 0x10 nd6_timer+0x57: movq 0x48(%r13),%r12 ddb{0}> show proc PROC (softclock) tid=492460 pid=14338 tcnt=1 stat=onproc flags process=14000 proc=40000200 runpri=50, usrpri=50, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffff710,0xffff8000ffffef70 process=0xffff80002a0fecb0 user=0xffff80002a106000, vmspace=0xffffffff82e52208 estcpu=0, cpticks=0, pctcpu=0.16, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 50096 156171 68030 0 2 0x8000000 syz-executor.1 50096 305068 68030 0 2 0xc000000 syz-executor.1 50096 287018 68030 0 3 0xc000080 fsleep syz-executor.1 92374 210235 67632 0 2 0x8000000 syz-executor.2 26575 92531 75724 0 2 0x8000000 syz-executor.0 37227 9334 6328 0 2 0x8000480 syz-executor.3 37227 370237 6328 0 3 0xc000080 kqsel syz-executor.3 37227 94057 6328 0 3 0xc000080 fsleep syz-executor.3 68030 168012 50061 0 2 0x8000482 syz-executor.1 78558 280285 27079 0 2 0x8000480 syz-executor.6 78558 64085 27079 0 3 0xc000080 ttyout syz-executor.6 78558 55339 27079 0 3 0xc000080 fsleep syz-executor.6 58712 476457 50061 0 2 0x8000002 syz-executor.7 67632 420346 50061 0 2 0x8000482 syz-executor.2 75724 188492 50061 0 2 0x8000482 syz-executor.0 88698 515098 50061 0 2 0x8000482 syz-executor.4 97641 343718 0 0 3 0x14200 bored sosplice 21179 267292 53355 0 2 0x18100082 arp 53355 432732 1 0 3 0x810008a sigsusp sh 6328 63653 50061 0 2 0x8000482 syz-executor.3 85297 147443 50061 0 2 0x8000482 syz-executor.5 27079 15824 50061 0 2 0x8000482 syz-executor.6 50061 433838 86412 0 3 0x1a000082 wait syz-fuzzer 50061 1453 86412 0 3 0x1e000082 nanoslp syz-fuzzer 50061 29537 86412 0 3 0x1e000082 wait syz-fuzzer 50061 420501 86412 0 3 0x1e000002 netlock syz-fuzzer 50061 134500 86412 0 3 0x1e000082 wait syz-fuzzer 50061 328126 86412 0 3 0x1e000082 thrsleep syz-fuzzer 50061 428130 86412 0 3 0x1e000082 wait syz-fuzzer 50061 59304 86412 0 3 0x1e000082 wait syz-fuzzer 50061 233016 86412 0 3 0x1e000082 wait syz-fuzzer 50061 400927 86412 0 3 0x1e000082 thrsleep syz-fuzzer 50061 518263 86412 0 3 0x1e000082 thrsleep syz-fuzzer 50061 414548 86412 0 3 0x1e000082 thrsleep syz-fuzzer 50061 39278 86412 0 3 0x1e000082 wait syz-fuzzer 50061 456725 86412 0 3 0x1e000082 kqread syz-fuzzer 50061 73514 86412 0 3 0x1e000082 wait syz-fuzzer 86412 498277 66207 0 3 0x810008a sigsusp ksh 66207 123019 40980 0 3 0x1800009a kqread sshd 56895 321720 1 0 3 0x18100083 ttyin getty 40980 22604 1 0 3 0x18000088 kqread sshd 43018 135577 79428 73 2 0x19100010 syslogd 79428 106000 1 0 3 0x18100082 sbwait syslogd 9125 128564 1 0 3 0x18100080 kqread resolvd 15691 194978 29755 77 3 0x18100092 kqread dhcpleased 63865 94644 29755 77 3 0x18100092 kqread dhcpleased 29755 288445 1 0 3 0x18000080 kqread dhcpleased 4111 515378 0 0 3 0x14200 bored smr 10991 24547 0 0 2 0x14200 zerothread 47819 276122 0 0 3 0x14200 aiodoned aiodoned 30867 10586 0 0 7 0x14600 update 50109 460677 0 0 3 0x14200 cleaner cleaner 19517 1995 0 0 3 0x14200 reaper reaper 54659 421250 0 0 3 0x14200 pgdaemon pagedaemon 29634 144432 0 0 3 0x14200 bored viomb 12697 258301 0 0 3 0x40014200 acpi0 acpi0 82423 46030 0 0 3 0x40014200 idle1 81742 323264 0 0 3 0x14200 bored softnet3 1745 469701 0 0 3 0x14200 bored softnet2 34094 461951 0 0 3 0x14200 bored softnet1 85782 362042 0 0 2 0x14200 softnet0 69980 82127 0 0 3 0x14200 bored systqmp 93627 266313 0 0 3 0x14200 bored systq 48261 363543 0 0 3 0x14200 tmoslp softclockmp *14338 492460 0 0 7 0x40014200 softclock 7817 206619 0 0 3 0x40014200 idle0 1 123563 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 58712 (syz-executor.7) thread 0xffff8000ffff6018 (476457) exclusive rrwlock inode r = 0 (0xfffffd806d941810) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:524 #4 vn_lock+0x85 sys/kern/vfs_vnops.c:564 #5 vget+0x1fd sys/kern/vfs_subr.c:676 #6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1201 #8 ufs_lookup+0x1373 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x6f8 sys/kern/vfs_lookup.c:566 #11 namei+0x56a sys/kern/vfs_lookup.c:250 #12 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1856 #13 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #13 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd805c7545e8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:524 #4 vn_lock+0x85 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd3 sys/kern/vfs_lookup.c:418 #6 namei+0x56a sys/kern/vfs_lookup.c:250 #7 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1856 #8 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #8 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 50061 (syz-fuzzer) thread 0xffff80002a148298 (420501) exclusive rwlock sbufrcv r = 0 (0xffff800000dc3d60) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 sblock+0x8a sys/kern/uipc_socket2.c:548 #3 soreceive+0x201 sys/kern/uipc_socket.c:876 #4 soo_read+0x57 sys/kern/sys_socket.c:67 #5 dofilereadv+0x1a1 sys/kern/sys_generic.c:247 #6 sys_read+0x87 sys/kern/sys_generic.c:167 #7 syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] #7 syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 #8 Xsyscall+0x128 Process 43018 (syslogd) thread 0xffff8000ffffdc40 (135577) exclusive rrwlock inode r = 0 (0xfffffd806e7412c0) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:524 #4 vn_lock+0x85 sys/kern/vfs_vnops.c:564 #5 sys_fsync+0xf1 sys/kern/vfs_syscalls.c:2931 #6 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #6 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 14338 (softclock) thread 0xffff8000fffff480 (492460) exclusive rwlock netlock r = 0 (0xffffffff82c86ad0) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 nd6_timer+0x25 sys/netinet6/nd6.c:271 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:666 #3 softclock_thread+0x113 sys/kern/kern_timeout.c:814 #4 proc_trampoline+0x10 shared rwlock timeout r = 0 (0xffffffff82ce25b0) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 timeout_run+0xbb sys/kern/kern_timeout.c:662 #2 softclock_thread+0x113 sys/kern/kern_timeout.c:814 #3 proc_trampoline+0x10 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82e5a068) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x491 sys/kern/sched_bsd.c:470 #3 sleep_finish+0x19a sys/kern/kern_synch.c:417 #4 msleep+0xeb sys/kern/kern_synch.c:249 #5 softclock_thread+0xcf sys/kern/kern_timeout.c:810 #6 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10189 6426K 6875K 166960K 12329 0 pcb 19 13K 14K 166960K 226 0 rtable 221 6K 7K 166960K 625 0 pf 27 8K 10K 166960K 71 0 ifaddr 40 14K 15K 166960K 83 0 ifgroup 46 2K 2K 166960K 109 0 sysctl 1 0K 1K 166960K 2 0 counters 62 36K 36K 166960K 90 0 ioctlops 0 0K 4K 166960K 1539 0 iov 0 0K 18K 166960K 32 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1444 91K 91K 166960K 2047 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 9K 9K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 11 1K 1K 166960K 17 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 89K 166960K 785 0 sigio 0 0K 0K 166960K 9 0 proc 58 79K 127K 166960K 725 0 subproc 117 7K 7K 166960K 208 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 108 0 in_multi 88 6K 7K 166960K 210 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 608 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 281 76K 95K 166960K 9476 0 UVM aobj 36 6K 6K 166960K 41 0 pinsyscall 38 76K 100K 166960K 2163 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 87 0 NDP 12 0K 1K 166960K 54 0 temp 68 6818K 7311K 166960K 31985 0 kqueue 12 18K 24K 166960K 100 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 105 0 100 1 0 1 1 0 8 0 rtentry 112 198 0 96 3 0 3 3 0 8 0 unpcb 144 723 0 708 8 2 6 6 0 8 5 syncache 336 7 0 7 2 2 0 1 0 8 0 tcpqe 32 13 0 13 1 1 0 1 0 8 0 tcpcb 808 299 0 294 10 3 7 7 0 8 6 arp 120 34 0 18 1 0 1 1 0 8 0 inpcb 384 1002 0 991 24 16 8 11 0 8 6 nd6 136 49 0 26 1 0 1 1 0 8 0 pkpcb 40 10 0 10 6 5 1 1 0 8 1 kcovpl 48 16 0 7 1 0 1 1 0 8 0 pffrag 232 8 0 6 1 0 1 1 0 482 0 pffrnode 88 7 0 5 1 0 1 1 0 8 0 pffrent 40 10 0 8 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 46 0 30 1 0 1 1 0 8 0 pfstkey 128 46 0 30 1 0 1 1 0 8 0 pfstate 376 46 0 30 3 0 3 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 771 0 357 31 5 26 27 0 8 0 art_table 32 772 0 357 4 0 4 4 0 8 0 art_node 16 197 0 105 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 2 1 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 10 0 1 1 0 1 1 0 8 0 shmpl 112 38 0 5 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2638 0 1104 97 0 97 97 0 8 0 ffsino 272 2638 0 1104 104 0 104 104 0 8 0 nchpl 144 3897 0 2153 67 0 67 67 0 8 0 uvmvnodes 80 3182 0 0 65 0 65 65 0 8 0 vnodes 216 3182 0 0 177 0 177 177 0 8 0 namei 1024 14830 0 14830 2 1 1 2 0 8 1 percpumem 16 59 0 14 1 0 1 1 0 8 0 vmpool 696 2 0 2 2 1 1 1 0 8 1 kstatmem 264 48 0 28 2 0 2 2 0 8 0 scxspl 216 18849 0 18849 15 11 4 8 1 8 4 plimitpl 152 303 0 285 1 0 1 1 0 8 0 sigapl 424 1087 0 1038 7 0 7 7 0 8 0 futexpl 64 10276 0 10273 2 1 1 1 0 8 0 knotepl 120 564 0 0 16 0 16 16 0 8 0 kqueuepl 216 322 0 312 4 3 1 3 0 8 0 pipepl 320 263 0 232 3 0 3 3 0 8 0 fdescpl 496 1066 0 1038 6 1 5 5 0 8 0 filepl 152 7850 0 7582 18 2 16 16 0 8 3 lockfpl 104 206 0 203 1 0 1 1 0 8 0 lockfspl 48 93 0 90 1 0 1 1 0 8 0 sessionpl 144 31 0 14 1 0 1 1 0 8 0 pgrppl 48 40 0 23 1 0 1 1 0 8 0 ucredpl 104 1205 0 1184 1 0 1 1 0 8 0 zombiepl 144 1040 0 1038 1 0 1 1 0 8 0 processpl 1144 1087 0 1038 4 0 4 4 0 8 0 procpl 656 2026 0 1957 7 0 7 7 0 8 0 srpgc 96 9 0 9 3 3 0 1 0 8 0 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 664 1848 0 1817 26 15 11 14 0 8 8 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 389 0 0 49 0 49 49 0 8 0 mtagpl 96 12 0 0 1 0 1 1 0 8 0 mbufpl 256 422 0 0 27 0 27 27 0 8 0 bufpl 280 7854 0 1513 454 0 454 454 0 8 0 anonpl 24 302245 0 296446 76 10 66 66 0 186 12 amapchunkpl 152 31599 0 30961 44 6 38 41 0 158 8 amappl16 200 8002 0 7869 36 27 9 20 0 8 0 amappl15 192 18 0 18 1 1 0 1 0 8 0 amappl14 184 181 0 169 2 1 1 2 0 8 0 amappl13 176 51 0 51 1 1 0 1 0 8 0 amappl12 168 1885 0 1853 3 0 3 3 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 56 0 44 1 0 1 1 0 8 0 amappl9 144 373 0 373 2 2 0 1 0 8 0 amappl8 136 176 0 145 2 0 2 2 0 8 0 amappl7 128 59 0 45 1 0 1 1 0 8 0 amappl6 120 440 0 424 2 1 1 2 0 8 0 amappl5 112 249 0 237 1 0 1 1 0 8 0 amappl4 104 646 0 610 2 0 2 2 0 8 0 amappl3 96 5583 0 5503 3 0 3 3 0 8 0 amappl2 88 1476 0 1405 4 2 2 4 0 8 0 amappl1 80 12205 0 11692 22 9 13 22 0 8 0 amappl 88 8822 0 8634 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 40 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1068 0 1040 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1068 0 1040 1 0 1 1 0 8 0 vmmpekpl 168 12978 0 12921 4 0 4 4 0 8 0 vmmpepl 168 88733 0 86867 120 26 94 116 0 357 0 vmsppl 440 1067 0 1040 4 0 4 4 0 8 0 rwobjpl 56 32567 0 28232 66 3 63 63 0 8 0 pdppl 4096 2143 0 2080 133 62 71 79 0 8 8 pvpl 32 46399 0 0 375 0 375 375 0 265 0 pmappl 248 1067 0 1040 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 466 0 75 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace nd6_timer(0) at nd6_timer+0x57 sys/netinet6/nd6.c:278 timeout_run(ffffffff82e5ac08) at timeout_run+0xd0 sys/kern/kern_timeout.c:666 softclock_thread(ffff8000fffff480) at softclock_thread+0x113 sys/kern/kern_timeout.c:814 end trace frame: 0x0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e59e60) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e59e60) at __mp_lock+0x122 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82e59e60,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x491 sys/kern/sched_bsd.c:470 sleep_finish(65,1) at sleep_finish+0x19a sys/kern/kern_synch.c:417 syncer_thread(ffff80002a148cd8) at syncer_thread+0x446 sys/kern/vfs_sync.c:204 end trace frame: 0x0, count: -8