kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff80003aff9a28,ffff80003c0158c0,ffff80003c015810) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c0158c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c0158c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xab1fe269d00, count: -3 ddb{0}> show registers rdi 0 rsi 0x7665 __ALIGN_SIZE+0x6665 rbp 0xffff80003c0157e0 rbx 0xdeadbeefdeb27123 rdx 0 rcx 0xffff80003aff9a28 rax 0xffffffff837cdff0 cpu_info_full_primary+0x1ff0 r8 0x7f7fffffc000 r9 0 r10 0xc4dbde659f2df729 r11 0xb7afc3b6408befbd r12 0x7665 __ALIGN_SIZE+0x6665 r13 0xfffffd805d904700 r14 0xffff80003c0158c0 r15 0x7665 __ALIGN_SIZE+0x6665 rip 0xffffffff822190a2 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c0156f0 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> show proc PROC (syz-executor) tid=46233 pid=18183 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=80, usrpri=80, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003aff8800,0xffff80003aff8fd8 process=0xffff8000383da6a0 user=0xffff80003c010000, vmspace=0xfffffd806af00200 estcpu=30, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 70931 94155 12577 0 2 0x2 ifconfig 12577 404826 91723 0 3 0x10008a sigsusp sh 28464 252720 57070 0 7 0 syz-executor 28464 64739 57070 0 3 0x4000080 fsleep syz-executor 28464 142679 57070 0 2 0x4000000 syz-executor 82025 34858 62086 0 2 0 syz-executor 82025 127891 62086 0 3 0x4000080 fsleep syz-executor 18183 147659 94531 0 2 0 syz-executor *18183 46233 94531 0 7 0x4000000 syz-executor 18183 355415 94531 0 3 0x4000080 fsleep syz-executor 18183 167659 94531 0 3 0x4000080 fsleep syz-executor 91723 182535 84648 0 3 0x82 wait syz-executor 70556 312316 40206 0 3 0x3000 suspend syz-executor 70556 366828 40206 0 2 0x4081000 syz-executor 70556 189580 40206 0 3 0x4081000 inode syz-executor 70556 8202 40206 0 3 0x4081000 inode syz-executor 78973 132721 35783 0 4 0x82000 syz-executor 78973 473319 35783 0 2 0x4082000 syz-executor 78973 321566 35783 0 3 0x4082000 inode syz-executor 78973 34893 35783 0 3 0x4002000 suspend syz-executor 49023 257818 0 0 3 0x14280 nfsidl nfsio 35273 306178 0 0 3 0x14280 nfsidl nfsio 3066 506354 0 0 3 0x14280 nfsidl nfsio 24023 437061 0 0 3 0x14280 nfsidl nfsio 59841 265120 0 0 3 0x14280 nfsidl nfsio 48151 8387 0 0 3 0x14280 nfsidl nfsio 56171 414053 0 0 3 0x14280 nfsidl nfsio 64527 392107 0 0 3 0x14280 nfsidl nfsio 79938 248725 0 0 3 0x14280 nfsidl nfsio 33327 79318 0 0 3 0x14280 nfsidl nfsio 92284 511203 0 0 3 0x14280 nfsidl nfsio 17983 363973 0 0 3 0x14280 nfsidl nfsio 45263 112962 0 0 3 0x14280 nfsidl nfsio 67418 298869 0 0 3 0x14280 nfsidl nfsio 42707 488203 0 0 3 0x14280 nfsidl nfsio 68455 140234 0 0 3 0x14280 nfsidl nfsio 55968 269225 0 0 3 0x14280 nfsidl nfsio 93779 393646 0 0 3 0x14280 nfsidl nfsio 46620 18874 0 0 3 0x14280 nfsidl nfsio 76650 24463 0 0 3 0x14280 nfsidl nfsio 62086 343237 84648 0 3 0x82 nanoslp syz-executor 23206 320706 0 0 3 0x14200 bored sosplice 57070 218446 84648 0 2 0x2 syz-executor 94531 190445 84648 0 2 0x3 syz-executor 35783 92021 84648 0 3 0x82 nanoslp syz-executor 50918 447331 84648 0 3 0x3 inode syz-executor 49731 248460 84648 0 3 0x3 inode syz-executor 40206 448806 84648 0 2 0x3 syz-executor 84648 88567 43899 0 2 0x3 syz-executor 43899 393963 88344 0 3 0x10008a sigsusp ksh 88344 440715 91416 0 3 0x98 kqread sshd-session 91416 61414 78498 0 3 0x92 kqread sshd-session 51797 97596 1 0 3 0x100083 ttyopn getty 78498 100136 1 0 3 0x88 kqread sshd 71725 333515 29523 74 3 0x1100092 bpf pflogd 29523 381385 1 0 3 0x80 sbwait pflogd 50970 357368 78406 73 3 0x1100090 kqread syslogd 78406 276403 1 0 3 0x100082 sbwait syslogd 73774 59908 1 0 3 0x100080 kqread resolvd 25784 12424 72377 77 3 0x100092 kqread dhcpleased 34191 414756 72377 77 3 0x100092 kqread dhcpleased 72377 465467 1 0 3 0x80 kqread dhcpleased 51621 500784 0 0 3 0x14200 bored smr 11546 383698 0 0 2 0x14200 zerothread 65511 104905 0 0 3 0x14200 aiodoned aiodoned 76382 91548 0 0 3 0x14200 syncer update 51474 506246 0 0 3 0x14200 cleaner cleaner 90980 313246 0 0 3 0x14200 reaper reaper 73887 386577 0 0 3 0x14200 pgdaemon pagedaemon 40039 310696 0 0 3 0x14200 bored viomb 3650 78094 0 0 3 0x40014200 acpi0 acpi0 10645 42994 0 0 3 0x40014200 idle1 93835 352275 0 0 3 0x14200 bored softnet1 46981 500816 0 0 3 0x14200 bored softnet0 6335 518977 0 0 3 0x14200 smrbar systqmp 63512 300200 0 0 3 0x14200 bored systq 480 383821 0 0 3 0x14200 tmoslp softclockmp 25030 104402 0 0 3 0x40014200 tmoslp softclock 75773 157211 0 0 3 0x40014200 idle0 1 497564 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 18183 (syz-executor) thread 0xffff80003aff9a28 (46233) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839def08) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #5 Xsyscall+0x128 Process 70556 (syz-executor) thread 0xffff8000383d6558 (366828) exclusive rrwlock inode r = 0 (0xfffffd80625d16b0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 Process 70556 (syz-executor) thread 0xffff8000383d74e8 (189580) exclusive rrwlock inode r = 0 (0xfffffd80625d17d8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 vn_open+0x1f1 sys/kern/vfs_vnops.c:107 #8 doopenat+0x35b sys/kern/vfs_syscalls.c:1138 #9 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #10 Xsyscall+0x128 Process 78973 (syz-executor) thread 0xffff80002a272010 (473319) exclusive rrwlock inode r = 0 (0xfffffd80625d10e8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 Process 40206 (syz-executor) thread 0xffff80002a2727d8 (448806) exclusive rrwlock inode r = 0 (0xfffffd8066edd208) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:687 #6 ktrwriteraw+0x175 sys/kern/kern_ktrace.c:688 #7 ktrsyscall+0x340 ktrwrite sys/kern/kern_ktrace.c:-1 [inline] #7 ktrsyscall+0x340 sys/kern/kern_ktrace.c:183 #8 syscall+0x304 mi_syscall sys/sys/syscall_mi.h:154 [inline] #8 syscall+0x304 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 Process 6335 (systqmp) thread 0xffff8000ffffe298 (518977) shared rwlock systqmp r = 0 (0xffffffff8380e328) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 11237K 11283K 166960K 11923 0 pcb 17 16K 17K 166960K 185 0 rtable 226 10K 11K 166960K 501 0 pf 36 18K 67485K 166960K 117 0 ifaddr 37 6K 7K 166960K 83 0 ifgroup 55 2K 2K 166960K 128 0 sysctl 3 1K 9K 166960K 13 0 counters 68 36K 38K 166960K 146 0 ioctlops 0 0K 4K 166960K 1562 0 iov 0 0K 16K 166960K 31 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1402 88K 89K 166960K 1818 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 9 0 VM map 2 1K 1K 166960K 2 0 sem 11 0K 0K 166960K 17 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 602 0 sigio 1 0K 0K 166960K 6 0 proc 79 131K 164K 166960K 661 0 subproc 72 4K 4K 166960K 99 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 43 0 in_multi 77 5K 7K 166960K 141 0 ether_multi 1 0K 0K 166960K 5 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 494 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 255 162K 174K 166960K 7507 0 UVM aobj 18 2K 2K 166960K 22 0 pinsyscall 42 84K 102K 166960K 1810 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 22 0 NDP 12 0K 2K 166960K 55 0 temp 76 8656K 8723K 166960K 29737 0 kqueue 13 20K 32K 166960K 132 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 71 0 68 1 0 1 1 0 8 0 rtentry 176 148 0 58 6 1 5 6 0 8 0 unpcb 144 390 0 371 7 1 6 6 0 8 5 syncache 336 7 0 7 1 1 0 1 0 8 0 tcpqe 32 4 0 4 1 1 0 1 0 8 0 tcpcb 736 121 0 114 2 0 2 2 0 8 1 arp 136 23 0 9 1 0 1 1 0 8 0 inpcb 328 832 0 821 15 5 10 10 0 8 9 nd6 152 32 0 13 1 0 1 1 0 8 0 pkpcb 40 7 0 7 2 1 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1192 28 0 28 1 0 1 1 0 8 1 pppxif 1504 6 0 6 2 1 1 1 0 8 1 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pffrag 232 5 0 2 1 0 1 1 0 482 0 pffrnode 88 5 0 2 1 0 1 1 0 8 0 pffrent 40 9 0 6 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 26 0 3 1 0 1 1 0 8 0 pfstkey 128 28 0 5 1 0 1 1 0 8 0 pfstate 384 26 0 4 3 0 3 3 0 8 0 pfrule 1344 26 0 20 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 645 0 271 31 2 29 29 0 8 2 art_table 40 647 0 271 5 0 5 5 0 8 0 art_node 32 147 0 64 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 2 1 0 1 1 0 8 0 semapl 112 13 0 5 1 0 1 1 0 8 0 shmpl 112 19 0 4 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 2419 0 903 96 0 96 96 0 8 0 ffsino 296 2419 0 903 118 0 118 118 0 8 0 nchpl 144 3230 0 1520 64 0 64 64 0 8 0 rtmask 32 8 0 8 2 1 1 1 0 8 1 vnodes 216 2786 0 0 155 0 155 155 0 8 0 namei 1024 10655 0 10652 3 2 1 2 0 8 0 percpumem 16 88 0 39 1 0 1 1 0 8 0 kstatmem 264 74 0 46 4 1 3 3 0 8 1 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 15259 0 15259 11 9 2 8 1 8 2 plimitpl 152 123 0 104 1 0 1 1 0 8 0 sigapl 424 930 0 862 9 1 8 8 0 8 0 knotepl 120 598 0 0 19 0 19 19 0 8 0 kqueuepl 224 271 0 262 6 4 2 5 0 8 1 pipepl 344 238 0 211 9 6 3 9 0 8 0 fdescpl 528 892 0 861 3 0 3 3 0 8 0 filepl 160 5395 0 5174 25 8 17 18 0 8 5 lockfpl 104 224 0 221 1 0 1 1 0 8 0 lockfspl 48 69 0 66 1 0 1 1 0 8 0 sessionpl 144 29 0 20 1 0 1 1 0 8 0 pgrppl 48 44 0 27 1 0 1 1 0 8 0 ucredpl 104 493 0 478 1 0 1 1 0 8 0 zombiepl 144 986 0 985 1 0 1 1 0 8 0 processpl 1232 930 0 862 6 0 6 6 0 8 0 procpl 664 1729 0 1649 8 0 8 8 0 8 0 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 752 1316 0 1283 27 13 14 18 0 8 10 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 15 0 15 15 0 8 1 mcl2k 2048 27 0 0 4 0 4 4 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 227 0 0 15 0 15 15 0 8 0 bufpl 280 5708 0 132 399 0 399 399 0 8 0 anonpl 32 9513 0 0 77 0 77 77 0 246 0 amapchunkpl 152 23970 0 23356 33 3 30 31 0 158 2 amappl16 200 3244 0 3012 23 10 13 17 0 8 0 amappl15 192 5 0 4 1 0 1 1 0 8 0 amappl14 184 46 0 45 2 1 1 1 0 8 0 amappl13 176 455 0 453 1 0 1 1 0 8 0 amappl12 168 1276 0 1235 3 0 3 3 0 8 0 amappl11 160 6 0 6 1 1 0 1 0 8 0 amappl10 152 49 0 35 1 0 1 1 0 8 0 amappl9 144 246 0 246 1 1 0 1 0 8 0 amappl8 136 35 0 32 1 0 1 1 0 8 0 amappl7 128 92 0 90 1 0 1 1 0 8 0 amappl6 120 312 0 297 1 0 1 1 0 8 0 amappl5 112 79 0 69 1 0 1 1 0 8 0 amappl4 104 439 0 408 1 0 1 1 0 8 0 amappl3 96 4032 0 3938 4 1 3 3 0 8 0 amappl2 88 1031 0 955 2 0 2 2 0 8 0 amappl1 80 12184 0 11591 14 0 14 14 0 8 0 amappl 88 6640 0 6465 5 0 5 5 0 92 0 uvmvnodes 80 2786 0 0 57 0 57 57 0 8 0 dma16384 16384 2 0 2 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 21 0 4 1 0 1 1 0 8 0 uaddrrnd 24 892 0 861 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 892 0 861 1 0 1 1 0 8 0 vmmpekpl 168 9311 0 9266 3 0 3 3 0 8 0 vmmpepl 168 65860 0 63774 103 7 96 100 0 357 0 vmsppl 488 891 0 861 5 0 5 5 0 8 0 rwobjpl 80 23797 0 19828 81 0 81 81 0 8 0 pdppl 4096 1792 0 1722 106 34 72 86 0 8 2 pvpl 32 17578 0 0 142 0 142 142 0 265 0 pmappl 256 891 0 861 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 288 0 42 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff80003aff9a28,ffff80003c0158c0,ffff80003c015810) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c0158c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c0158c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xab1fe269d00, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7e71da4e08e0, count: -3