kernel: protection fault trap, code=0 Stopped at sys_semop+0x384: movzwl 0(%rbx),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff8000ffff34d0,ffff80002a363660,ffff80002a3635b0) at sys_semop+0x384 sys/kern/sysv_sem.c:604 syscall(ffff80002a363660) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a363660) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc2e4d46d00, count: -3 ddb{1}> show registers rdi 0 rsi 0xfff9 __ALIGN_SIZE+0xeff9 rbp 0xffff80002a363580 rbx 0xdeafbeaddeafbead rdx 0 rcx 0xffff8000ffff34d0 rax 0xffff8000299edff0 r8 0x7f7fffffc000 r9 0x1 r10 0x6fb02b189588b9a5 r11 0x6daddee13aadaad0 r12 0xfffffff9 r13 0xfffffd806b9a97e0 r14 0xffff80002a363660 r15 0 rip 0xffffffff821777f4 sys_semop+0x384 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80002a363490 ss 0x10 sys_semop+0x384: movzwl 0(%rbx),%r15d ddb{1}> show proc PROC (syz-executor) tid=156127 pid=82575 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800032808550,0xffff80003c02e048 process=0xffff80003c48c510 user=0xffff80002a35e000, vmspace=0xfffffd805b7d97c8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 82575 47003 53291 0 2 0 syz-executor 82575 279241 53291 0 3 0x4000080 fsleep syz-executor *82575 156127 53291 0 7 0x4000000 syz-executor 82575 81835 53291 0 2 0x4000000 syz-executor 97042 78957 48636 0 7 0 syz-executor 97042 63391 48636 0 2 0x4000000 syz-executor 90537 260850 52138 0 2 0 syz-executor 90537 513679 52138 0 3 0x4000080 sbwait syz-executor 90537 99402 52138 0 3 0x4000080 fsleep syz-executor 38655 160144 33428 0 3 0x80 nanoslp syz-executor 38655 176345 33428 0 3 0x4000080 sbwait syz-executor 38655 142602 33428 0 3 0x4000080 fsleep syz-executor 38655 327588 33428 0 3 0x4000080 fsleep syz-executor 52138 3636 37940 0 3 0x82 nanoslp syz-executor 66594 300824 37940 0 3 0x2 biowait syz-executor 61965 465276 37940 0 3 0x82 wait syz-executor 66266 497123 1 0 3 0x100083 ttyin getty 40752 99576 37940 0 3 0x82 wait syz-executor 48636 360510 37940 0 3 0x82 nanoslp syz-executor 85171 507441 0 0 3 0x14200 bored sosplice 31356 238271 37940 0 3 0x2 biowait syz-executor 53291 437610 37940 0 3 0x82 nanoslp syz-executor 33428 63782 37940 0 3 0x82 nanoslp syz-executor 37940 45008 11065 0 3 0x82 kqread syz-executor 11065 406271 11150 0 3 0x10008a sigsusp ksh 11150 421404 1859 0 3 0x98 kqread sshd-session 1859 170834 32586 0 3 0x92 kqread sshd-session 32586 26729 1 0 3 0x88 kqread sshd 16552 452828 53675 74 3 0x1100092 bpf pflogd 53675 17112 1 0 3 0x80 sbwait pflogd 31578 288371 42270 73 3 0x1100090 kqread syslogd 42270 318838 1 0 3 0x100082 sbwait syslogd 73269 84092 1 0 3 0x100080 kqread resolvd 19610 296477 85748 77 3 0x100092 kqread dhcpleased 71188 385028 85748 77 3 0x100092 kqread dhcpleased 85748 410425 1 0 3 0x80 kqread dhcpleased 45818 363885 0 0 3 0x14200 bored smr 20877 271719 0 0 2 0x14200 zerothread 93115 477947 0 0 3 0x14200 aiodoned aiodoned 51344 259017 0 0 3 0x14200 syncer update 72186 491442 0 0 3 0x14200 cleaner cleaner 98021 237360 0 0 3 0x14200 reaper reaper 53436 179475 0 0 3 0x14200 pgdaemon pagedaemon 1320 135649 0 0 3 0x14200 bored viomb 39356 49445 0 0 3 0x40014200 acpi0 acpi0 61815 10322 0 0 3 0x40014200 idle1 7167 356819 0 0 3 0x14200 bored softnet7 86571 380671 0 0 3 0x14200 bored softnet6 62437 148534 0 0 3 0x14200 bored softnet5 15353 104140 0 0 3 0x14200 bored softnet4 89204 490965 0 0 3 0x14200 bored softnet3 67345 495542 0 0 3 0x14200 bored softnet2 75159 27828 0 0 3 0x14200 bored softnet1 55717 230535 0 0 3 0x14200 bored softnet0 81784 507498 0 0 3 0x14200 bored systqmp 16588 170089 0 0 3 0x14200 bored systq 32787 86494 0 0 3 0x14200 tmoslp softclockmp 84865 77607 0 0 3 0x40014200 tmoslp softclock 92082 110321 0 0 3 0x40014200 idle0 1 523232 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 82575 (syz-executor) thread 0xffff8000ffff34d0 (156127) Process 82575 (syz-executor) thread 0xffff80003c02e038 (81835) Process 97042 (syz-executor) thread 0xffff80003c02fa28 (63391) Process 66594 (syz-executor) thread 0xffff80003c02ed30 (300824) Process 31356 (syz-executor) thread 0xffff8000ffff22a8 (238271) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10255 11125K 11893K 166960K 17663 0 pcb 17 19K 21K 166960K 861 0 rtable 210 15K 15K 166960K 1246 0 pf 43 19K 85K 166960K 524 0 ifaddr 34 7K 10K 166960K 281 0 ifgroup 51 2K 3K 166960K 526 0 sysctl 4 1K 9K 166960K 33 0 counters 66 36K 38K 166960K 748 0 ioctlops 0 0K 4K 166960K 2437 0 iov 0 0K 32K 166960K 532 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1607 101K 102K 166960K 6550 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 28K 30K 166960K 33 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 159 0 dirhash 12 2K 2K 166960K 102 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 4862 0 sigio 0 0K 0K 166960K 178 0 proc 73 115K 164K 166960K 1483 0 subproc 72 4K 4K 166960K 198 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1113 0 in_multi 69 4K 7K 166960K 395 0 ether_multi 1 0K 0K 166960K 31 0 mrt 5 0K 0K 166960K 38 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 277 1235K 1235K 166960K 277 0 exec 0 0K 1K 166960K 1446 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 16 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 242 159K 178K 166960K 44873 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 41 82K 102K 166960K 6407 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 305 0 NDP 11 0K 2K 166960K 214 0 temp 80 8652K 8908K 166960K 228391 0 kqueue 13 20K 32K 166960K 893 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 659 0 655 8 7 1 3 0 8 0 rtentry 176 355 0 287 5 0 5 5 0 8 0 unpcb 144 3538 0 3517 15 13 2 6 0 8 1 syncache 336 31 0 31 4 4 0 1 0 8 0 tcpqe 32 8 0 8 4 4 0 1 0 8 0 tcpcb 736 1741 0 1733 31 23 8 8 0 8 6 arp 128 46 0 38 1 0 1 1 0 8 0 inpcb 328 5749 0 5738 44 36 8 13 0 8 6 nd6 144 60 0 50 1 0 1 1 0 8 0 pkpcb 40 102 0 102 3 3 0 1 0 8 0 kcovpl 48 22 0 14 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 282 0 282 1 0 1 1 0 8 1 pppxif 1504 96 0 96 5 5 0 1 0 8 0 pfstscr 40 7 0 6 1 0 1 1 0 8 0 pffrag 232 40 0 33 1 0 1 1 0 482 0 pffrnode 88 32 0 25 1 0 1 1 0 8 0 pffrent 40 67 0 60 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 15 0 11 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 3 0 1 1 0 1 1 0 8 0 pfstitem 24 312 0 145 2 0 2 2 0 8 0 pfstkey 128 318 0 147 6 0 6 6 0 8 0 pfstate 384 308 0 144 17 0 17 17 0 8 0 pfrule 1344 49 0 39 2 1 1 2 0 8 0 rttmr 136 8 0 8 3 3 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1565 0 1242 41 17 24 31 0 8 3 art_table 40 1569 0 1242 7 2 5 6 0 8 0 art_node 32 351 0 294 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 11 1 0 1 1 0 8 0 semapl 112 153 0 144 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 79 0 62 3 0 3 3 0 8 0 dino2pl 256 10662 0 9129 98 1 97 97 0 8 0 ffsino 296 10662 0 9129 121 2 119 119 0 8 0 nchpl 144 17355 0 16769 64 38 26 64 0 8 0 rtmask 32 37 0 37 3 2 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 63336 0 63334 3 2 1 2 0 8 0 percpumem 16 389 0 341 1 0 1 1 0 8 0 pfiaddrpl 120 5 0 2 1 0 1 1 0 8 0 kstatmem 264 340 0 312 4 1 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 14 0 14 7 6 1 1 0 8 1 scxspl 216 133761 0 133759 19 17 2 8 1 8 1 plimitpl 152 1178 0 1160 1 0 1 1 0 8 0 sigapl 424 5156 0 5103 9 1 8 9 0 8 0 knotepl 120 1032 0 0 32 0 32 32 0 8 0 kqueuepl 224 1942 0 1933 13 8 5 5 0 8 4 pipepl 344 883 0 855 24 15 9 9 0 8 6 fdescpl 528 5104 0 5074 3 0 3 3 0 8 0 filepl 160 38100 0 37842 38 22 16 21 0 8 3 lockfpl 104 2339 0 2337 3 2 1 2 0 8 0 lockfspl 48 837 0 835 1 0 1 1 0 8 0 sessionpl 144 66 0 57 1 0 1 1 0 8 0 pgrppl 48 168 0 151 1 0 1 1 0 8 0 ucredpl 104 7111 0 7098 1 0 1 1 0 8 0 zombiepl 144 5795 0 5793 1 0 1 1 0 8 0 processpl 1248 5156 0 5103 7 0 7 7 0 8 1 procpl 664 12890 0 12828 8 1 7 8 0 8 1 sosppl 168 36 0 36 5 4 1 1 0 8 1 sockpl 752 10287 0 10251 56 44 12 18 0 8 7 mcl64k 65536 44 0 0 5 1 4 4 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 129 0 0 15 0 15 15 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 90 0 0 9 0 9 9 0 8 0 mtagpl 96 23 0 0 1 0 1 1 0 8 0 mbufpl 256 1953 0 0 123 0 123 123 0 8 0 bufpl 280 56535 0 50392 440 0 440 440 0 8 0 anonpl 32 15759 0 0 127 0 127 127 0 246 0 amapchunkpl 152 155129 0 154583 55 25 30 34 0 158 4 amappl16 200 19267 0 19233 138 120 18 37 0 8 6 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 193 0 181 1 0 1 1 0 8 0 amappl13 176 8 0 7 1 0 1 1 0 8 0 amappl12 168 5999 0 5969 3 1 2 2 0 8 0 amappl11 160 54 0 38 1 0 1 1 0 8 0 amappl10 152 9 0 8 2 1 1 1 0 8 0 amappl9 144 256 0 255 2 1 1 1 0 8 0 amappl8 136 27 0 23 1 0 1 1 0 8 0 amappl7 128 172 0 159 1 0 1 1 0 8 0 amappl6 120 353 0 349 1 0 1 1 0 8 0 amappl5 112 185 0 175 1 0 1 1 0 8 0 amappl4 104 411 0 391 1 0 1 1 0 8 0 amappl3 96 32558 0 32444 6 2 4 5 0 8 0 amappl2 88 1052 0 984 2 0 2 2 0 8 0 amappl1 80 34348 0 33749 15 0 15 15 0 8 0 amappl 88 42911 0 42740 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 2 0 2 2 1 1 1 0 8 1 dma8192 8192 2 0 2 2 2 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 2 0 2 2 2 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 258 0 258 4 3 1 1 0 8 1 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 25 0 24 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 5104 0 5074 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5104 0 5074 1 0 1 1 0 8 0 vmmpekpl 168 39923 0 39862 4 0 4 4 0 8 0 vmmpepl 168 328798 0 326790 159 47 112 120 0 357 3 vmsppl 488 5103 0 5074 6 1 5 5 0 8 0 rwobjpl 80 90650 0 83755 165 16 149 154 0 8 0 pdppl 4096 10216 0 10148 142 70 72 84 0 8 4 pvpl 32 24637 0 0 199 2 197 197 0 265 0 pmappl 256 5103 0 5074 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 496 0 129 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8378dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff839b7968) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff839b7968) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165 intr_handler(ffff80003c44bbd0,ffff800000079a80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x7beecec0dd10, count: -7 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x384: movzwl 0(%rbx),%r15d ddb{1}> trace sys_semop(ffff8000ffff34d0,ffff80002a363660,ffff80002a3635b0) at sys_semop+0x384 sys/kern/sysv_sem.c:604 syscall(ffff80002a363660) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a363660) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc2e4d46d00, count: -3