kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff80003b0482c0,ffff80003c48bb80,ffff80003c48bad0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003c48bb80) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c48bb80) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf84fe2d1f0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c48baa0 rbx 0xdead4110dead41a0 rdx 0 rcx 0xffff80003b0482c0 rax 0xdead4110dead41a0 r8 0x7f7fffffc000 r9 0 r10 0xd3a772f7b44d1145 r11 0xff9a3058599dddf r12 0 r13 0xfffffd8066f32e70 r14 0xffff80003c48bb80 r15 0 rip 0xffffffff82b46ba5 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c48b9b0 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=498871 pid=24066 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003b048558,0xffff80003b0494f8 process=0xffff8000394266a0 user=0xffff80003c486000, vmspace=0xfffffd80671e9030 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 24066 328351 62492 0 2 0 syz-executor 24066 512915 62492 0 2 0x4000000 syz-executor *24066 498871 62492 0 7 0x4000000 syz-executor 24066 210193 62492 0 2 0x4000080 syz-executor 23882 204952 85509 0 3 0x80 nanoslp syz-executor 23882 241855 85509 0 3 0x4000080 sbwait syz-executor 23882 378471 85509 0 3 0x4000080 fsleep syz-executor 40586 79762 13017 0 3 0x80 nanoslp syz-executor 40586 249710 13017 0 3 0x4000080 sbwait syz-executor 40586 164063 13017 0 3 0x4000080 sbwait syz-executor 40586 158268 13017 0 3 0x4000080 fsleep syz-executor 96939 194117 79904 0 3 0x3000 suspend syz-executor 96939 236072 79904 0 2 0x4081000 syz-executor 96939 218962 79904 0 3 0x4081000 inode syz-executor 96939 467100 79904 0 3 0x4081000 inode syz-executor 9659 511464 1 0 3 0x100083 ttyin getty 58297 362272 0 0 3 0x14200 bored sosplice 85509 414452 99582 0 3 0x82 nanoslp syz-executor 62492 390690 99582 0 3 0x82 nanoslp syz-executor 56510 479128 99582 0 7 0x2 syz-executor 79904 239511 99582 0 3 0x82 nanoslp syz-executor 13017 251572 99582 0 3 0x82 nanoslp syz-executor 22417 350494 99582 0 3 0x82 nanoslp syz-executor 46157 439700 99582 0 3 0x82 wait syz-executor 8371 265984 99582 0 3 0x82 wait syz-executor 99582 270557 41899 0 3 0x82 kqread syz-executor 41899 426639 93877 0 3 0x10008a sigsusp ksh 93877 255847 60041 0 3 0x98 kqread sshd-session 60041 212586 60783 0 3 0x92 kqread sshd-session 60783 219271 1 0 3 0x88 kqread sshd 56460 223452 44244 74 3 0x1100092 bpf pflogd 44244 156634 1 0 3 0x80 sbwait pflogd 94412 73078 92308 73 3 0x1100090 kqread syslogd 92308 406412 1 0 3 0x100082 sbwait syslogd 15668 430178 1 0 3 0x100080 kqread resolvd 20559 24263 31874 77 3 0x100092 kqread dhcpleased 5344 44115 31874 77 3 0x100092 kqread dhcpleased 31874 227936 1 0 3 0x80 kqread dhcpleased 75178 287634 0 0 3 0x14200 bored smr 34178 451213 0 0 3 0x14200 pgzero zerothread 9937 322086 0 0 3 0x14200 aiodoned aiodoned 17259 21611 0 0 3 0x14200 syncer update 72465 294604 0 0 3 0x14200 cleaner cleaner 17605 295084 0 0 3 0x14200 reaper reaper 49395 152466 0 0 3 0x14200 pgdaemon pagedaemon 30023 42159 0 0 3 0x14200 bored viomb 81217 275042 0 0 3 0x40014200 acpi0 acpi0 50309 330776 0 0 3 0x40014200 idle1 50910 219374 0 0 3 0x14200 bored softnet7 33046 180422 0 0 3 0x14200 bored softnet6 85667 293433 0 0 3 0x14200 bored softnet5 6951 221268 0 0 3 0x14200 bored softnet4 29911 383566 0 0 3 0x14200 bored softnet3 7135 431421 0 0 3 0x14200 bored softnet2 39781 27184 0 0 3 0x14200 bored softnet1 39247 14562 0 0 3 0x14200 bored softnet0 88380 135652 0 0 3 0x14200 bored systqmp 20766 114085 0 0 3 0x14200 bored systq 68226 498977 0 0 3 0x14200 tmoslp softclockmp 64591 467536 0 0 3 0x40014200 tmoslp softclock 1061 172675 0 0 3 0x40014200 idle0 1 316740 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 24066 (syz-executor) thread 0xffff80003b048558 (512915) Process 24066 (syz-executor) thread 0xffff80003b0482c0 (498871) Process 40586 (syz-executor) thread 0xffff800034c0f790 (249710) Process 96939 (syz-executor) thread 0xffff80003b049cb0 (236072) Process 96939 (syz-executor) thread 0xffff800034c0e2d0 (218962) Process 56510 (syz-executor) thread 0xffff8000ffff2a70 (479128) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10230 11031K 12439K 166960K 12366 0 pcb 17 16K 18K 166960K 378 0 rtable 181 12K 12K 166960K 571 0 pf 41 18K 21K 166960K 178 0 ifaddr 37 6K 8K 166960K 102 0 ifgroup 63 2K 2K 166960K 181 0 sysctl 4 1K 9K 166960K 12 0 counters 72 37K 38K 166960K 212 0 ioctlops 0 0K 4K 166960K 1725 0 iov 0 0K 32K 166960K 100 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1464 92K 93K 166960K 2244 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 29 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 75 0 dirhash 12 2K 3K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 89K 166960K 1229 0 sigio 0 0K 0K 166960K 26 0 proc 73 115K 164K 166960K 724 0 subproc 72 4K 4K 166960K 73 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 212 0 in_multi 62 4K 7K 166960K 153 0 ether_multi 1 0K 0K 166960K 13 0 mrt 3 0K 0K 166960K 14 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 127 572K 572K 166960K 127 0 exec 0 0K 1K 166960K 582 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 263 161K 173K 166960K 13476 0 UVM aobj 33 5K 5K 166960K 34 0 pinsyscall 42 84K 99K 166960K 2360 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 53 0 NDP 14 0K 1K 166960K 70 0 temp 71 8650K 8775K 166960K 51056 0 kqueue 13 20K 31K 166960K 264 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 311 0 307 7 6 1 3 0 8 0 rtentry 176 132 0 71 5 0 5 5 0 8 0 unpcb 144 869 0 846 6 4 2 4 0 8 1 syncache 336 12 0 12 3 2 1 1 0 8 1 tcpqe 32 3 0 3 3 2 1 1 0 8 1 tcpcb 736 514 0 505 12 11 1 7 0 8 0 arp 136 15 0 5 1 0 1 1 0 8 0 inpcb 328 1638 0 1621 20 13 7 12 0 8 4 nd6 144 22 0 10 1 0 1 1 0 8 0 pkpcb 40 16 0 16 2 1 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 59 0 59 4 3 1 1 0 8 1 pppxif 1504 3 0 3 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 16 0 4 1 0 1 1 0 482 0 pffrnode 88 12 0 3 1 0 1 1 0 8 0 pffrent 40 23 0 11 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 3 1 1 0 1 0 8 0 pfanchor 1288 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 92 0 31 1 0 1 1 0 8 0 pfstkey 128 94 0 33 3 0 3 3 0 8 0 pfstate 384 93 0 32 7 0 7 7 0 8 0 pfrule 1344 33 0 28 2 1 1 2 0 8 0 rttmr 136 5 0 5 3 3 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 640 0 384 29 5 24 29 0 8 0 art_table 40 644 0 384 5 0 5 5 0 8 0 art_node 32 132 0 81 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 70 0 61 1 0 1 1 0 8 0 shmpl 112 31 0 1 1 0 1 1 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 3764 0 2258 96 0 96 96 0 8 0 ffsino 296 3764 0 2258 117 0 117 117 0 8 0 nchpl 144 5555 0 4998 64 39 25 64 0 8 0 rtmask 32 16 0 16 5 4 1 1 0 8 1 uvmvnodes 80 4260 0 0 87 0 87 87 0 8 0 vnodes 216 4260 0 0 237 0 237 237 0 8 0 namei 1024 18496 0 18493 3 2 1 2 0 8 0 percpumem 16 121 0 70 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0 kstatmem 264 114 0 80 4 1 3 3 0 8 0 scsiplug 72 8 0 8 4 3 1 1 0 8 1 scxspl 216 43954 0 43954 10 9 1 8 1 8 1 plimitpl 152 384 0 365 1 0 1 1 0 8 0 sigapl 424 1549 0 1495 7 0 7 7 0 8 0 knotepl 120 564 0 0 17 0 17 17 0 8 0 kqueuepl 224 433 0 424 5 3 2 2 0 8 1 pipepl 344 211 0 184 3 0 3 3 0 8 0 fdescpl 528 1520 0 1489 3 0 3 3 0 8 0 filepl 160 9808 0 9542 25 12 13 19 0 8 1 lockfpl 104 490 0 488 1 0 1 1 0 8 0 lockfspl 48 205 0 203 1 0 1 1 0 8 0 sessionpl 144 33 0 24 1 0 1 1 0 8 0 pgrppl 48 57 0 40 1 0 1 1 0 8 0 ucredpl 104 1247 0 1232 1 0 1 1 0 8 0 zombiepl 144 1604 0 1600 1 0 1 1 0 8 0 processpl 1232 1549 0 1495 5 0 5 5 0 8 0 procpl 664 3564 0 3499 8 1 7 7 0 8 0 sosppl 168 16 0 15 3 2 1 1 0 8 0 sockpl 752 2992 0 2948 33 23 10 17 0 8 5 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 16 0 16 16 0 8 0 mcl2k 2048 63 0 0 6 0 6 6 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 1180 0 0 74 0 74 74 0 8 0 bufpl 280 19685 0 13439 447 0 447 447 0 8 0 anonpl 32 19981 0 0 163 1 162 162 0 246 0 amapchunkpl 152 44275 0 43717 41 13 28 30 0 158 5 amappl16 200 7192 0 6856 87 63 24 52 0 8 5 amappl15 192 20 0 20 1 1 0 1 0 8 0 amappl14 184 131 0 119 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 2 0 1 0 8 0 amappl12 168 2208 0 2177 3 1 2 2 0 8 0 amappl11 160 49 0 35 1 0 1 1 0 8 0 amappl10 152 3 0 1 1 0 1 1 0 8 0 amappl9 144 260 0 260 1 1 0 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 121 0 108 1 0 1 1 0 8 0 amappl6 120 216 0 212 1 0 1 1 0 8 0 amappl5 112 125 0 115 1 0 1 1 0 8 0 amappl4 104 334 0 315 1 0 1 1 0 8 0 amappl3 96 7672 0 7570 4 1 3 4 0 8 0 amappl2 88 1839 0 1759 2 0 2 2 0 8 0 amappl1 80 14626 0 14029 15 0 15 15 0 8 0 amappl 88 12539 0 12351 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 33 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1520 0 1489 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1520 0 1489 1 0 1 1 0 8 0 vmmpekpl 168 14344 0 14306 4 1 3 3 0 8 0 vmmpepl 168 104507 0 102179 141 31 110 132 0 357 5 vmsppl 488 1519 0 1489 7 2 5 5 0 8 0 rwobjpl 80 35403 0 29852 119 5 114 114 0 8 0 pdppl 4096 3048 0 2978 106 32 74 84 0 8 4 pvpl 32 30149 0 0 245 2 243 243 0 265 0 pmappl 256 1519 0 1489 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 363 0 56 10 1 9 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff80003b0482c0,ffff80003c48bb80,ffff80003c48bad0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003c48bb80) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c48bb80) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf84fe2d1f0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838e5538) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838e5538) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff838e5538,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 biowait(fffffd806fa3ad50) at biowait+0xc6 sys/kern/vfs_bio.c:1242 bwrite(fffffd806fa3ad50) at bwrite+0x2e7 sys/kern/vfs_bio.c:754 ffs_update(fffffd806d2c6e10,1) at ffs_update+0x2fe sys/ufs/ffs/ffs_inode.c:111 ufs_mkdir(ffff80002a3b9480) at ufs_mkdir+0x3b3 sys/ufs/ufs/ufs_vnops.c:1143 VOP_MKDIR(fffffd806bffda60,ffff80002a3b95e0,ffff80002a3b9610,ffff80002a3b9510) at VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394 domkdirat(ffff8000ffff2a70,ffffff9c,76fd06e67640,1ff) at domkdirat+0x179 sys/kern/vfs_syscalls.c:3113 syscall(ffff80002a3b9790) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3b9790) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76fd06e676e0, count: -14