login: kernel: protection fault trap, code=0 Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff8000ffff62a8,ffff800030d82f40,ffff800030d82e90) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff800030d82f40) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff800030d82f40) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a871e9fbd0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800030d82e60 rbx 0 rdx 0 rcx 0xffff8000ffff62a8 rax 0xdead4110dead4110 r8 0x7f7fffffc000 r9 0 r10 0xe54e7c5ac1503821 r11 0x872a3a2ba8236cf0 r12 0xffff800001338804 r13 0 r14 0xffff800030d82f40 r15 0 rip 0xffffffff81568eeb sys_semop+0x45b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800030d82d40 ss 0 sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=48605 pid=96184 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff6530,0xffff8000371dacf8 process=0xffff8000ffffa8d8 user=0xffff800030d7d000, vmspace=0xfffffd806ce83a98 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 96184 162280 35413 0 2 0 syz-executor *96184 48605 35413 0 7 0x4000000 syz-executor 96184 497961 35413 0 2 0x4000000 syz-executor 96184 399259 35413 0 2 0x4000000 syz-executor 76996 7434 52244 0 2 0 syz-executor 76996 140521 52244 0 3 0x4000080 fsleep syz-executor 19478 284384 80527 0 2 0x4000000 syz-executor 19478 490556 80527 0 3 0x4000080 lockf syz-executor 19478 373799 80527 0 3 0x4000080 lockf syz-executor 19478 147621 80527 0 2 0x4000000 syz-executor 9034 393687 73217 0 2 0 syz-executor 9034 68877 73217 0 3 0x4000080 fsleep syz-executor 9034 297832 73217 0 3 0x4000080 fsleep syz-executor 8582 174833 827 0 2 0 syz-executor 8582 283527 827 0 3 0x4000080 fsleep syz-executor 8582 25226 827 0 3 0x4000080 fsleep syz-executor 8582 221489 827 0 3 0x4000080 fsleep syz-executor 22884 505008 3275 0 7 0x2 syz-executor 52244 463671 3275 0 2 0x482 syz-executor 43097 502697 1 0 3 0x100083 ttyin getty 35413 174466 3275 0 3 0x82 nanoslp syz-executor 44160 244933 0 0 3 0x14200 acct acct 58770 342034 0 0 3 0x14200 bored sosplice 73217 223712 3275 0 2 0x482 syz-executor 827 37498 3275 0 2 0x482 syz-executor 2805 5056 3275 0 3 0x82 wait syz-executor 80527 77180 3275 0 2 0x482 syz-executor 87059 43643 3275 0 2 0x2 syz-executor 3275 104412 41019 0 3 0x82 kqread syz-executor 41019 26871 92480 0 3 0x10008a sigsusp ksh 92480 55001 86011 0 3 0x98 kqread sshd-session 86011 78037 49691 0 3 0x92 kqread sshd-session 49691 41152 1 0 3 0x88 kqread sshd 2070 311659 24871 74 3 0x1100092 bpf pflogd 24871 43284 1 0 3 0x80 sbwait pflogd 84993 328031 67947 73 3 0x1100090 kqread syslogd 67947 132396 1 0 3 0x100082 sbwait syslogd 35623 445400 1 0 3 0x100080 kqread resolvd 5593 121824 92623 77 3 0x100092 kqread dhcpleased 81671 214786 92623 77 3 0x100092 kqread dhcpleased 92623 285278 1 0 3 0x80 kqread dhcpleased 45221 427418 0 0 3 0x14200 bored smr 20491 91626 0 0 2 0x14200 zerothread 37850 489858 0 0 3 0x14200 aiodoned aiodoned 76107 302157 0 0 3 0x14200 syncer update 91598 78142 0 0 3 0x14200 cleaner cleaner 17669 57365 0 0 3 0x14200 reaper reaper 32877 403199 0 0 3 0x14200 pgdaemon pagedaemon 39728 337022 0 0 3 0x14200 bored viomb 25440 311367 0 0 3 0x40014200 acpi0 acpi0 84046 193456 0 0 3 0x40014200 idle1 7760 221041 0 0 3 0x14200 bored softnet3 24816 298110 0 0 3 0x14200 bored softnet2 72215 164733 0 0 3 0x14200 bored softnet1 13159 129257 0 0 3 0x14200 bored softnet0 43839 358126 0 0 3 0x14200 bored systqmp 32008 341815 0 0 3 0x14200 bored systq 35542 29900 0 0 3 0x14200 tmoslp softclockmp 97129 351835 0 0 2 0x40014200 softclock 43861 384799 0 0 3 0x40014200 idle0 1 88184 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 96184 (syz-executor) thread 0xffff8000ffff62a8 (48605) Process 96184 (syz-executor) thread 0xffff8000371dace8 (497961) Process 96184 (syz-executor) thread 0xffff8000371daa60 (399259) Process 22884 (syz-executor) thread 0xffff8000371b5470 (505008) Process 87059 (syz-executor) thread 0xffff8000ffffdbe8 (43643) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10244 11355K 12462K 166960K 13637 0 pcb 20 15K 16K 166960K 594 0 rtable 220 7K 7K 166960K 715 0 pf 34 17K 81K 166960K 109 0 ifaddr 42 7K 7K 166960K 99 0 ifgroup 55 2K 2K 166960K 137 0 sysctl 3 0K 4K 166960K 13 0 counters 64 36K 36K 166960K 122 0 ioctlops 0 0K 4K 166960K 1637 0 iov 0 0K 16K 166960K 271 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1481 93K 93K 166960K 2828 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 35 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 88 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 97K 166960K 1875 0 sigio 0 0K 0K 166960K 127 0 proc 72 91K 128K 166960K 807 0 subproc 104 6K 6K 166960K 160 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 441 0 in_multi 91 6K 7K 166960K 220 0 ether_multi 1 0K 0K 166960K 21 0 mrt 3 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 864 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 250 73K 77K 166960K 19045 0 UVM aobj 95 9K 9K 166960K 107 0 pinsyscall 41 82K 106K 166960K 3056 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 125 0 NDP 12 0K 2K 166960K 70 0 temp 79 6824K 6904K 166960K 78473 0 kqueue 14 22K 30K 166960K 335 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 183 0 180 1 0 1 1 0 8 0 rtentry 112 196 0 96 4 0 4 4 0 8 0 unpcb 144 1078 0 1057 11 10 1 6 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 661 0 654 17 9 8 8 0 8 7 arp 120 36 0 14 1 0 1 1 0 8 0 inpcb 336 2636 0 2622 24 14 10 13 0 8 8 nd6 136 41 0 17 1 0 1 1 0 8 0 pkpcb 40 15 0 15 2 2 0 1 0 8 0 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1168 20 0 20 3 3 0 1 0 8 0 pffrag 232 11 0 3 1 0 1 1 0 482 0 pffrnode 88 11 0 3 1 0 1 1 0 8 0 pffrent 40 19 0 11 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 131 0 27 1 0 1 1 0 8 0 pfstkey 128 131 0 27 4 0 4 4 0 8 0 pfstate 376 131 0 27 11 0 11 11 0 8 0 pfrule 1344 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 829 0 388 34 6 28 29 0 8 0 art_table 32 833 0 388 4 0 4 4 0 8 0 art_node 16 189 0 99 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 5 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 84 0 75 1 0 1 1 0 8 0 shmpl 112 104 0 12 3 0 3 3 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 4763 0 3251 95 0 95 95 0 8 0 ffsino 272 4763 0 3251 102 0 102 102 0 8 0 nchpl 144 7564 0 7030 63 39 24 63 0 8 0 uvmvnodes 80 5700 0 0 117 0 117 117 0 8 0 vnodes 216 5700 0 0 317 0 317 317 0 8 0 namei 1024 30474 0 30472 4 3 1 2 0 8 0 percpumem 16 75 0 29 1 0 1 1 0 8 0 kstatmem 264 82 0 58 2 0 2 2 0 8 0 scsiplug 72 6 0 6 3 3 0 1 0 8 0 scxspl 216 22647 0 22647 16 15 1 8 1 8 1 plimitpl 152 494 0 477 1 0 1 1 0 8 0 sigapl 424 2190 0 2140 9 3 6 8 0 8 0 futexpl 64 26280 0 26273 1 0 1 1 0 8 0 knotepl 120 558 0 0 17 0 17 17 0 8 0 kqueuepl 216 575 0 565 5 4 1 3 0 8 0 pipepl 320 391 0 364 8 5 3 8 0 8 0 fdescpl 496 2149 0 2119 6 1 5 6 0 8 0 filepl 152 14170 0 13912 25 9 16 18 0 8 3 lockfpl 104 761 0 756 1 0 1 1 0 8 0 lockfspl 48 266 0 263 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 66 0 49 1 0 1 1 0 8 0 ucredpl 104 2532 0 2517 1 0 1 1 0 8 0 zombiepl 144 2193 0 2192 1 0 1 1 0 8 0 processpl 1160 2190 0 2140 6 2 4 6 0 8 0 procpl 648 5072 0 5010 9 3 6 8 0 8 0 srpgc 96 9 0 9 3 3 0 1 0 8 0 sosppl 168 13 0 13 3 3 0 1 0 8 0 sockpl 664 4099 0 4061 31 19 12 15 0 8 8 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 152 0 0 19 0 19 19 0 8 0 mcl2k 2048 34 0 0 5 0 5 5 0 8 0 mtagpl 96 21 0 0 1 0 1 1 0 8 0 mbufpl 256 257 0 0 15 0 15 15 0 8 0 bufpl 280 7061 0 887 442 0 442 442 0 8 0 anonpl 24 330992 0 326454 77 41 36 72 0 185 1 amapchunkpl 152 62266 0 61686 45 19 26 31 0 158 0 amappl16 200 8528 0 8497 54 49 5 27 0 8 0 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 160 0 148 1 0 1 1 0 8 0 amappl13 176 41 0 41 2 2 0 1 0 8 0 amappl12 168 2854 0 2824 4 1 3 3 0 8 0 amappl11 160 62 0 47 1 0 1 1 0 8 0 amappl10 152 25 0 24 1 0 1 1 0 8 0 amappl9 144 165 0 165 1 1 0 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 113 0 101 1 0 1 1 0 8 0 amappl6 120 221 0 219 1 0 1 1 0 8 0 amappl5 112 147 0 135 1 0 1 1 0 8 0 amappl4 104 324 0 303 1 0 1 1 0 8 0 amappl3 96 11554 0 11450 3 0 3 3 0 8 0 amappl2 88 2432 0 2347 2 0 2 2 0 8 0 amappl1 80 13051 0 12493 15 2 13 14 0 8 0 amappl 88 18473 0 18287 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 106 0 12 2 0 2 2 0 8 0 uaddrrnd 24 2149 0 2119 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2149 0 2119 1 0 1 1 0 8 0 vmmpekpl 168 17840 0 17799 3 0 3 3 0 8 0 vmmpepl 168 135759 0 133910 109 21 88 105 0 357 1 vmsppl 448 2148 0 2119 6 2 4 5 0 8 0 rwobjpl 56 42933 0 36183 98 2 96 96 0 8 0 pdppl 4096 4305 0 4238 113 42 71 87 0 8 4 pvpl 32 18501 0 0 149 0 149 149 0 265 0 pmappl 248 2148 0 2119 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 451 0 82 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff8000ffff62a8,ffff800030d82f40,ffff800030d82e90) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff800030d82f40) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff800030d82f40) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9a871e9fbd0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff836161b8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff836161b8) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff836161b8,1) at __mp_acquire_count+0x58 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x2f2 sys/kern/kern_synch.c:425 getblk(fffffd8009325000,195180,4000,0,ffffffffffffffff) at getblk+0x197 sys/kern/vfs_bio.c:1017 bread(fffffd8009325000,195180,4000,ffff80002a097b98) at bread+0x47 bio_doread sys/kern/vfs_bio.c:422 [inline] bread(fffffd8009325000,195180,4000,ffff80002a097b98) at bread+0x47 sys/kern/vfs_bio.c:467 ffs_update(fffffd807ca78558,1) at ffs_update+0x198 sys/ufs/ffs/ffs_inode.c:91 ufs_mkdir(ffff80002a097d80) at ufs_mkdir+0x55a sys/ufs/ufs/ufs_vnops.c:1160 VOP_MKDIR(fffffd805e2ca608,ffff80002a097ee0,ffff80002a097f10,ffff80002a097e10) at VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 domkdirat(ffff8000371b5470,ffffff9c,7375504a5560,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3099 syscall(ffff80002a098090) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a098090) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7375504a55f0, count: -15