panic: pool_do_get: shmpl free list modified: page 0xfffffd804e7ff000; item addr 0xfffffd804e7ff4e8; offset 0x2c=0xdeaf4151
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
62995 69737 32767 0x10 0 0 syz-executor
* 88791 69737 32767 0x10 0x4000000 1K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830627be) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff83592c58,1,ffff80002a0ae288) at pool_do_get+0x5e6
pool_get(ffffffff83592c58,1) at pool_get+0x141
shmget_allocate_segment(ffff80003459ccc8,ffff80002a0ae4e0,0,ffff80002a0ae430) at shmget_allocate_segment+0x1a7
sys_shmget(ffff80003459ccc8,ffff80002a0ae4e0,ffff80002a0ae430) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
syscall(ffff80002a0ae4e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0ae4e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa167a8e1fb0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pool_do_get: shmpl free list modified: page 0xfffffd804e7ff000; item addr 0xfffffd804e7ff4e8; offset 0x2c=0xdeaf4151
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830627be) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff83592c58,1,ffff80002a0ae288) at pool_do_get+0x5e6
pool_get(ffffffff83592c58,1) at pool_get+0x141
shmget_allocate_segment(ffff80003459ccc8,ffff80002a0ae4e0,0,ffff80002a0ae430) at shmget_allocate_segment+0x1a7
sys_shmget(ffff80003459ccc8,ffff80002a0ae4e0,ffff80002a0ae430) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
syscall(ffff80002a0ae4e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0ae4e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa167a8e1fb0, count: -8
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a0ae0d0
rbx 0xffff800029b7cd87
rdx 0
rcx 0xffff80003459ccc8
rax 0xffff800029b7bff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xe5b742e2b75ae649
r11 0x7722c28dfc4c9dc0
r12 0xffff800029b7cb88
r13 0
r14 0
r15 0x1
rip 0xffffffff81edc4a5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a0ae0c0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=88791 pid=69737 tcnt=4 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003459d970,0xffffffff835423e8
process=0xffff8000367bed68 user=0xffff80002a0a9000, vmspace=0xfffffd807e0736f0
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69737 62995 98822 32767 7 0x10 syz-executor
69737 502578 98822 32767 2 0x4000010 syz-executor
69737 224751 98822 32767 2 0x4000010 syz-executor
*69737 88791 98822 32767 7 0x4000010 syz-executor
46042 310233 65630 32767 2 0x10 syz-executor
46042 155207 65630 32767 3 0x4000090 lockf syz-executor
46042 428458 65630 32767 3 0x4000090 fsleep syz-executor
3391 359980 29209 0 2 0x100002 ndp
29209 106349 93738 0 3 0x10008a sigsusp sh
71518 199257 46242 32767 2 0x10 syz-executor
71518 504791 46242 32767 3 0x4000090 lockf syz-executor
71518 265335 46242 32767 3 0x4000090 lockf syz-executor
61725 174049 76582 32767 3 0x90 nanoslp syz-executor
61725 151982 76582 32767 3 0x4000090 fsleep syz-executor
61725 179591 76582 32767 3 0x4000090 lockf syz-executor
61725 41020 76582 32767 3 0x4000090 fsleep syz-executor
34589 107669 18061 32767 3 0x90 nanoslp syz-executor
34589 176432 18061 32767 3 0x4000090 sbwait syz-executor
34589 99273 18061 32767 3 0x4000090 fsleep syz-executor
93738 401312 71246 0 3 0x80 wait syz-executor
61458 366865 41009 0 3 0x100082 sbwait arp
41009 428506 33659 0 3 0x10008a sigsusp sh
65630 285609 22043 32767 3 0x90 nanoslp syz-executor
22043 369579 78351 0 3 0x82 wait syz-executor
71246 392148 78351 0 3 0x82 wait syz-executor
46242 385432 36567 32767 3 0x90 nanoslp syz-executor
1399 105715 45637 32767 3 0x10 biowait syz-executor
36567 224094 78351 0 3 0x82 wait syz-executor
45637 378234 78351 0 3 0x82 wait syz-executor
76582 346622 55310 32767 3 0x90 nanoslp syz-executor
18061 47188 71382 32767 3 0x90 nanoslp syz-executor
33659 307431 69896 0 3 0x80 wait syz-executor
71382 116092 78351 0 3 0x82 wait syz-executor
69896 143504 78351 0 3 0x82 wait syz-executor
55310 474264 78351 0 3 0x82 wait syz-executor
98822 55740 35412 32767 3 0x90 nanoslp syz-executor
35412 209581 78351 0 3 0x82 wait syz-executor
30845 303127 0 0 3 0x14200 bored sosplice
78351 318868 62720 0 2 0x2 syz-executor
62720 260718 1331 0 3 0x10008a sigsusp ksh
1331 335403 57742 0 3 0x98 kqread sshd-session
57742 375201 13912 0 3 0x92 kqread sshd-session
81848 379527 1 0 3 0x100083 ttyin getty
13912 242872 1 0 3 0x88 kqread sshd
81992 424217 26004 73 3 0x1100010 ffs_fsync syslogd
26004 172517 1 0 3 0x100082 sbwait syslogd
50850 93721 1 0 3 0x100080 kqread resolvd
38255 222431 90996 77 3 0x100092 kqread dhcpleased
77244 420700 90996 77 3 0x100092 kqread dhcpleased
90996 230475 1 0 3 0x80 kqread dhcpleased
33469 82348 0 0 3 0x14200 bored smr
42829 122428 0 0 2 0x14200 zerothread
58489 468190 0 0 3 0x14200 aiodoned aiodoned
66797 88043 0 0 3 0x14200 syncer update
44938 140212 0 0 3 0x14200 cleaner cleaner
72300 421980 0 0 3 0x14200 reaper reaper
48554 349482 0 0 3 0x14200 pgdaemon pagedaemon
27857 373970 0 0 3 0x14200 bored viomb
60649 208792 0 0 3 0x40014200 acpi0 acpi0
48534 352347 0 0 3 0x40014200 idle1
93654 248076 0 0 3 0x14200 bored softnet3
916 384205 0 0 3 0x14200 bored softnet2
18462 271991 0 0 3 0x14200 bored softnet1
47273 99276 0 0 3 0x14200 bored softnet0
84436 269116 0 0 3 0x14200 bored systqmp
94311 121460 0 0 3 0x14200 bored systq
88915 170335 0 0 3 0x14200 tmoslp softclockmp
172 214766 0 0 3 0x40014200 tmoslp softclock
11384 116325 0 0 3 0x40014200 idle0
1 188717 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex shmpl r = 0 (0xffffffff83592c68)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 pool_get+0x103 sys/kern/subr_pool.c:579
#4 shmget_allocate_segment+0x1a7
#5 sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 69737 (syz-executor) thread 0xffff80003459ccc8 (88791)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835029d0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577
#2 Xsyscall+0x128
exclusive mutex shmpl r = 0 (0xffffffff83592c68)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 pool_get+0x103 sys/kern/subr_pool.c:579
#4 shmget_allocate_segment+0x1a7
#5 sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 1399 (syz-executor) thread 0xffff80003459dbf8 (105715)
exclusive rrwlock inode r = 0 (0xfffffd80776425f0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 vget+0x2bd sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x192 sys/ufs/ufs/ufs_ihash.c:98
#7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201
#8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478
#9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
#11 namei+0x7aa sys/kern/vfs_lookup.c:250
#12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852
#13 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#13 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd80606223c8)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
#6 namei+0x7aa sys/kern/vfs_lookup.c:250
#7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852
#8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 81992 (syslogd) thread 0xffff8000ffffdbe8 (424217)
exclusive rrwlock inode r = 0 (0xfffffd806e348a30)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 sys_fsync+0x152 sys/kern/vfs_syscalls.c:2926
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10216 10028K 10035K 166960K 11935 0
pcb 17 14K 16K 166960K 19 0
rtable 218 6K 7K 166960K 6960 0
pf 31 16K 16K 166960K 462 0
ifaddr 40 8K 9K 166960K 899 0
ifgroup 50 2K 2K 166960K 907 0
sysctl 4 1K 2K 166960K 6 0
counters 64 36K 36K 166960K 490 0
ioctlops 0 0K 2K 166960K 282 0
iov 0 0K 16K 166960K 191 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1463 92K 92K 166960K 5294 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 51 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 54 0
dirhash 15 2K 3K 166960K 72 0
ACPI 1690 195K 286K 166960K 12418 0
file desc 27 101K 157K 166960K 5796 0
sigio 0 0K 0K 166960K 54 0
proc 58 79K 176K 166960K 6630 0
subproc 104 6K 12K 166960K 3523 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 961 0
in_multi 89 6K 7K 166960K 2521 0
ether_multi 1 0K 0K 166960K 17 0
mrt 1 0K 0K 166960K 3 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 235 1049K 1049K 166960K 235 0
exec 0 0K 1K 166960K 3648 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 267 74K 131K 166960K 40914 0
UVM aobj 123 7K 7K 166960K 133 0
pinsyscall 50 100K 126K 166960K 12457 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 1 0K 0K 166960K 201 0
NDP 25 1K 2K 166960K 661 0
temp 74 6824K 6890K 166960K 46778 0
kqueue 15 24K 32K 166960K 460 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 925 0 915 5 4 1 3 0 8 0
rtentry 112 2459 0 2357 9 6 3 4 0 8 0
unpcb 144 2366 0 2346 26 25 1 6 0 8 0
syncache 336 46 0 46 19 18 1 1 0 8 1
tcpqe 32 17 0 17 9 9 0 1 0 8 0
tcpcb 808 1816 0 1810 68 64 4 9 0 8 3
arp 120 443 0 425 1 0 1 1 0 8 0
ipq 40 17 0 16 2 1 1 1 0 8 0
ipqe 40 217 0 216 2 1 1 1 0 8 0
inpcb 336 5230 0 5219 92 88 4 12 0 8 2
nd6 136 679 0 659 1 0 1 1 0 8 0
kcovpl 48 271 0 263 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 9909 0 9491 117 90 27 30 0 8 0
art_table 32 9910 0 9491 7 3 4 4 0 8 0
art_node 16 2458 0 2365 1 0 1 1 0 8 0
sysvmsgpl 40 14 0 10 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 52 0 42 1 0 1 1 0 8 0
shmpl 112 130 0 10 4 0 4 4 0 8 0
pool(0xffffffff83592c58:shmpl): page inconsistency: page 0xfffffd804e7ff000; 19 on list, 15 missing, 35 items per page
dirhash 1024 60 0 39 3 0 3 3 0 8 0
dino2pl 256 5525 0 3479 129 1 128 128 0 8 0
ffsino 272 5525 0 3479 137 0 137 137 0 8 0
nchpl 144 8775 0 6728 76 0 76 76 0 8 0
uvmvnodes 80 8469 0 0 173 0 173 173 0 8 0
vnodes 216 8469 0 0 471 0 471 471 0 8 0
namei 1024 52441 0 52441 21 20 1 2 0 8 1
percpumem 16 259 0 213 1 0 1 1 0 8 0
kstatmem 264 448 0 426 2 0 2 2 0 8 0
scxspl 216 122165 0 122163 22 21 1 8 1 8 0
plimitpl 152 1488 0 1464 2 0 2 2 0 8 0
sigapl 424 5576 0 5518 17 9 8 9 0 8 0
futexpl 64 33237 0 33233 18 17 1 1 0 8 0
knotepl 120 630 0 0 11 1 10 10 0 8 0
kqueuepl 216 872 0 861 9 8 1 3 0 8 0
pipepl 320 1284 0 1257 14 10 4 8 0 8 0
fdescpl 496 5557 0 5518 13 6 7 7 0 8 0
filepl 152 28808 0 28550 60 47 13 18 0 8 0
lockfpl 104 945 0 938 2 1 1 2 0 8 0
lockfspl 48 217 0 214 1 0 1 1 0 8 0
sessionpl 144 268 0 252 1 0 1 1 0 8 0
pgrppl 48 600 0 576 1 0 1 1 0 8 0
ucredpl 104 5187 0 5170 1 0 1 1 0 8 0
zombiepl 144 5518 0 5518 1 0 1 1 0 8 1
processpl 1160 5576 0 5518 9 3 6 6 0 8 0
procpl 648 9339 0 9269 15 9 6 7 0 8 0
srpgc 96 13 0 13 7 7 0 1 0 8 0
sosppl 168 27 0 27 12 11 1 1 0 8 1
sockpl 664 8569 0 8528 117 110 7 17 0 8 3
mcl64k 65536 9 0 0 2 0 2 2 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 13 0 0 2 0 2 2 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 406 0 0 30 3 27 30 0 8 0
mtagpl 96 7 0 0 1 0 1 1 0 8 0
mbufpl 256 2263 0 0 138 0 138 138 0 8 0
bufpl 280 12523 0 4054 606 0 606 606 0 8 0
anonpl 24 742762 0 738067 130 72 58 87 0 185 10
amapchunkpl 152 129334 0 128697 83 46 37 48 0 158 10
amappl16 200 10282 0 10267 114 110 4 16 0 8 2
amappl15 192 55 0 55 1 1 0 1 0 8 0
amappl14 184 591 0 579 1 0 1 1 0 8 0
amappl13 176 7 0 7 1 1 0 1 0 8 0
amappl12 168 9608 0 9569 10 8 2 3 0 8 0
amappl11 160 49 0 39 1 0 1 1 0 8 0
amappl10 152 10 0 10 1 1 0 1 0 8 0
amappl9 144 137 0 137 1 1 0 1 0 8 0
amappl8 136 19 0 17 1 0 1 1 0 8 0
amappl7 128 561 0 549 1 0 1 1 0 8 0
amappl6 120 2276 0 2272 1 0 1 1 0 8 0
amappl5 112 1007 0 998 1 0 1 1 0 8 0
amappl4 104 1054 0 1037 1 0 1 1 0 8 0
amappl3 96 24306 0 24176 5 1 4 4 0 8 0
amappl2 88 4017 0 3949 2 0 2 2 0 8 0
amappl1 80 45452 0 44867 18 3 15 15 0 8 0
amappl 88 38641 0 38435 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 132 0 10 3 0 3 3 0 8 0
uaddrrnd 24 5557 0 5518 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5557 0 5518 1 0 1 1 0 8 0
vmmpekpl 168 49170 0 49094 7 3 4 5 0 8 0
vmmpepl 168 350439 0 348375 173 74 99 105 0 357 5
vmsppl 440 5556 0 5518 7 1 6 6 0 8 0
rwobjpl 56 105049 0 95519 142 5 137 137 0 8 0
pdppl 4096 11121 0 11036 792 697 95 113 0 8 10
pvpl 32 48207 0 0 385 1 384 384 0 265 0
pmappl 248 5556 0 5518 7 4 3 4 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1556 0 983 17 0 17 17 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff8343dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:590 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:158
__mp_lock(ffffffff835027c8) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835027c8) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144
intr_handler(ffff80002a0a88c0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
end of kernel
end trace frame: 0x7a3f4ca4a330, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff8343dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:590 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:158
__mp_lock(ffffffff835027c8) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835027c8) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144
intr_handler(ffff80002a0a88c0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
end of kernel
end trace frame: 0x7a3f4ca4a330, count: -7
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x25: addq $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830627be) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff83592c58,1,ffff80002a0ae288) at pool_do_get+0x5e6
pool_get(ffffffff83592c58,1) at pool_get+0x141
shmget_allocate_segment(ffff80003459ccc8,ffff80002a0ae4e0,0,ffff80002a0ae430) at shmget_allocate_segment+0x1a7
sys_shmget(ffff80003459ccc8,ffff80002a0ae4e0,ffff80002a0ae430) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
syscall(ffff80002a0ae4e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0ae4e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa167a8e1fb0, count: 7
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830627be) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff83592c58,1,ffff80002a0ae288) at pool_do_get+0x5e6
pool_get(ffffffff83592c58,1) at pool_get+0x141
shmget_allocate_segment(ffff80003459ccc8,ffff80002a0ae4e0,0,ffff80002a0ae430) at shmget_allocate_segment+0x1a7
sys_shmget(ffff80003459ccc8,ffff80002a0ae4e0,ffff80002a0ae430) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480
syscall(ffff80002a0ae4e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a0ae4e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa167a8e1fb0, count: -8