login: panic: pool_do_get: shmpl free list modified: page 0xfffffd8066278000; item addr 0xfffffd80662788c0; offset 0x40=0x6a01b0c1 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *186072 45676 32767 0x10 0x4000000 1K syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344c04b) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83a2c018,1,ffff80003c3feb48) at pool_do_get+0x5df pool_get(ffffffff83a2c018,1) at pool_get+0x162 sys/kern/subr_pool.c:-1 shmget_allocate_segment(ffff8000373a7778,ffff80003c3feda0,81,ffff80003c3fecf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 sys_shmget(ffff8000373a7778,ffff80003c3feda0,ffff80003c3fecf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:484 syscall(ffff80003c3feda0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c3feda0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22b5cbf6e40, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: pool_do_get: shmpl free list modified: page 0xfffffd8066278000; item addr 0xfffffd80662788c0; offset 0x40=0x6a01b0c1 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344c04b) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83a2c018,1,ffff80003c3feb48) at pool_do_get+0x5df pool_get(ffffffff83a2c018,1) at pool_get+0x162 sys/kern/subr_pool.c:-1 shmget_allocate_segment(ffff8000373a7778,ffff80003c3feda0,81,ffff80003c3fecf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 sys_shmget(ffff8000373a7778,ffff80003c3feda0,ffff80003c3fecf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:484 syscall(ffff80003c3feda0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c3feda0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22b5cbf6e40, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c3fe970 rbx 0xffff8000299aee07 rdx 0xffff8000015aadc0 rcx 0xffff8000373a7778 rax 0xffff8000299adff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xef8c21759730059a r11 0x31ed03232f3d3a24 r12 0xffff8000299aec08 r13 0 r14 0 r15 0x1 rip 0xffffffff81e61b65 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c3fe960 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=186072 pid=45676 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000373a74e0,0xffff8000373a7258 process=0xffff8000fffe5360 user=0xffff80003c3f9000, vmspace=0xfffffd806c9e77b8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95716 101505 58387 0 2 0 sshd-session 43406 504729 29892 32767 2 0x10 syz-executor 43406 266453 29892 32767 3 0x4000090 fsleep syz-executor 43406 346136 29892 32767 3 0x4000090 fsleep syz-executor 43406 252644 29892 32767 2 0x4000090 syz-executor 58387 350552 82345 0 3 0x82 kqread sshd-session 99810 509904 81147 32767 3 0x90 nanoslp syz-executor 99810 277567 81147 32767 3 0x4000090 ttyout syz-executor 99810 103417 81147 32767 3 0x4000090 ttyretype syz-executor 99810 107249 81147 32767 3 0x4000090 fsleep syz-executor 47767 483526 4200 32767 2 0x10 syz-executor 47767 238559 4200 32767 3 0x4000090 kqsel syz-executor 47767 368251 4200 32767 3 0x4000090 fsleep syz-executor 45676 329417 11342 32767 2 0x10 syz-executor *45676 186072 11342 32767 7 0x4000010 syz-executor 86857 456901 63848 32767 3 0x90 nanoslp syz-executor 86857 500664 63848 32767 3 0x4000090 ttyin syz-executor 86857 104602 63848 32767 3 0x4000090 fsleep syz-executor 94057 167299 3632 0 3 0x100082 sbwait arp 63848 387065 65707 32767 3 0x90 nanoslp syz-executor 4200 288907 75795 32767 3 0x90 nanoslp syz-executor 3632 6571 5836 0 3 0x10008a sigsusp sh 84982 143842 8907 32767 3 0x90 nanoslp syz-executor 81147 361663 13435 32767 3 0x90 nanoslp syz-executor 24709 139869 99206 32767 3 0x10 biowait syz-executor 29892 135278 22034 32767 3 0x90 nanoslp syz-executor 5836 437939 97122 0 3 0x80 wait syz-executor 11342 46870 86132 32767 3 0x90 nanoslp syz-executor 65707 385166 99327 0 3 0x82 wait syz-executor 75795 260910 99327 0 3 0x82 wait syz-executor 13435 396830 99327 0 3 0x82 wait syz-executor 22034 172373 99327 0 3 0x82 wait syz-executor 8907 165346 99327 0 3 0x82 wait syz-executor 99206 463060 99327 0 3 0x82 wait syz-executor 97122 474969 99327 0 3 0x82 wait syz-executor 86132 430225 99327 0 3 0x82 wait syz-executor 99327 431532 66572 0 3 0x82 kqread syz-executor 66572 201667 81275 0 3 0x10008a sigsusp ksh 81275 306476 42187 0 3 0x98 kqread sshd-session 42187 403709 82345 0 3 0x92 kqread sshd-session 88566 228934 1 0 3 0x100083 ttyin getty 82345 190007 1 0 3 0x88 kqread sshd 59265 223681 44464 73 3 0x1100090 kqread syslogd 44464 167112 1 0 3 0x100082 sbwait syslogd 27224 326388 1 0 3 0x100080 kqread resolvd 3467 12329 3311 77 3 0x100092 kqread dhcpleased 34375 1112 3311 77 3 0x100092 kqread dhcpleased 3311 469194 1 0 3 0x80 kqread dhcpleased 45057 261856 0 0 3 0x14200 bored smr 55193 374569 0 0 2 0x14200 zerothread 1538 277962 0 0 3 0x14200 aiodoned aiodoned 16525 360728 0 0 3 0x14200 syncer update 2517 498394 0 0 3 0x14200 cleaner cleaner 25631 277322 0 0 3 0x14200 reaper reaper 55207 452750 0 0 3 0x14200 pgdaemon pagedaemon 24524 289337 0 0 3 0x14200 bored viomb 53401 522553 0 0 3 0x40014200 acpi0 acpi0 35378 467155 0 0 3 0x40014200 idle1 45984 181287 0 0 3 0x14200 bored softnet1 52422 433995 0 0 3 0x14200 bored softnet0 71196 106871 0 0 3 0x14200 smrbar systqmp 14765 18027 0 0 3 0x14200 bored systq 14870 135519 0 0 3 0x14200 tmoslp softclockmp 99376 464189 0 0 3 0x40014200 tmoslp softclock 41010 514905 0 0 3 0x40014200 idle0 1 114922 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806c325c10) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 pmap_do_remove+0xa9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline] #2 pmap_do_remove+0xa9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #2 pmap_do_remove+0xa9 sys/arch/amd64/amd64/pmap.c:1827 #3 uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 #4 uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] #4 uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 #5 exit1+0x6fc sys/kern/kern_exit.c:260 #6 sys_exit+0x1a sys/kern/kern_exit.c:-1 #7 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #8 Xsyscall+0x128 CPU 1: exclusive mutex shmpl r = 0 (0xffffffff83a2c030) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 pool_get+0x124 sys/kern/subr_pool.c:585 #3 shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 #4 sys_shmget+0x195 sys/kern/sysv_shm.c:484 #5 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #6 Xsyscall+0x128 Process 45676 (syz-executor) thread 0xffff8000373a7778 (186072) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a24140) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] #1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783 #2 Xsyscall+0x128 exclusive mutex shmpl r = 0 (0xffffffff83a2c030) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 pool_get+0x124 sys/kern/subr_pool.c:585 #3 shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 #4 sys_shmget+0x195 sys/kern/sysv_shm.c:484 #5 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #6 Xsyscall+0x128 Process 24709 (syz-executor) thread 0xffff8000fffee2b0 (139869) exclusive rrwlock inode r = 0 (0xfffffd806cff6c48) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vget+0x2a2 sys/kern/vfs_subr.c:686 #6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203 #8 ufs_lookup+0x1a36 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x98a sys/kern/vfs_lookup.c:567 #11 namei+0x7ca sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1887 #13 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cd53300) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1887 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 71196 (systqmp) thread 0xffff8000ffffe530 (106871) shared rwlock systqmp r = 0 (0xffffffff838e8b48) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11056 12019K 12034K 166960K 12147 0 pcb 17 12K 12K 166960K 17 0 rtable 221 6K 6K 166960K 331 0 pf 31 16K 16K 166960K 31 0 ifaddr 40 7K 7K 166960K 42 0 ifgroup 50 2K 2K 166960K 50 0 sysctl 3 1K 9K 166960K 7 0 counters 70 37K 37K 166960K 70 0 ioctlops 0 0K 4K 166960K 33 0 iov 0 0K 12K 166960K 4 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1288 81K 81K 166960K 1358 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 25 93K 121K 166960K 236 0 sigio 0 0K 0K 166960K 3 0 proc 58 99K 147K 166960K 511 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 18 0 in_multi 89 6K 6K 166960K 92 0 ether_multi 1 0K 0K 166960K 2 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 377 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 267 186K 203K 166960K 3931 0 UVM aobj 8 2K 2K 166960K 9 0 pinsyscall 51 102K 114K 166960K 1338 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 2 0 NDP 11 0K 1K 166960K 25 0 temp 34 9070K 9134K 166960K 4236 0 kqueue 17 24K 26K 166960K 38 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 75 0 71 2 0 2 2 0 8 1 rtentry 176 104 0 2 5 0 5 5 0 8 0 unpcb 144 105 0 83 1 0 1 1 0 8 0 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 74 0 65 2 0 2 2 0 8 1 arp 136 17 0 0 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 2 0 2 1 0 1 1 0 8 1 inpcb 328 206 0 192 4 0 4 4 0 8 2 nd6 152 22 0 1 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 414 0 0 26 0 26 26 0 8 0 art_table 40 415 0 0 5 0 5 5 0 8 0 art_node 32 104 0 10 1 0 1 1 0 8 0 shmpl 112 6 0 1 1 0 1 1 0 8 0 pool(0xffffffff83a2c018:shmpl): page inconsistency: page 0xfffffd8066278000; 29 on list, 5 missing, 35 items per page dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1689 0 226 92 0 92 92 0 8 0 ffsino 296 1689 0 226 113 0 113 113 0 8 0 nchpl 144 2018 0 330 63 0 63 63 0 8 0 vnodes 216 1770 0 0 99 0 99 99 0 8 0 namei 1024 6004 0 6004 1 0 1 1 0 8 1 percpumem 16 50 0 0 1 0 1 1 0 8 0 kstatmem 264 25 0 0 2 0 2 2 0 8 0 scxspl 216 7059 0 7058 6 1 5 5 1 8 4 plimitpl 152 46 0 20 2 0 2 2 0 8 0 sigapl 424 533 0 477 7 0 7 7 0 8 0 knotepl 120 542 0 0 17 0 17 17 0 8 0 kqueuepl 224 43 0 31 1 0 1 1 0 8 0 pipepl 344 129 0 101 3 0 3 3 0 8 0 fdescpl 528 517 0 478 3 0 3 3 0 8 0 filepl 160 2099 0 1865 11 0 11 11 0 8 1 lockfpl 104 39 0 37 1 0 1 1 0 8 0 lockfspl 48 16 0 14 1 0 1 1 0 8 0 sessionpl 144 35 0 18 1 0 1 1 0 8 0 pgrppl 48 44 0 19 1 0 1 1 0 8 0 ucredpl 104 216 0 198 1 0 1 1 0 8 0 zombiepl 144 478 0 477 1 0 1 1 0 8 0 processpl 1232 533 0 477 5 0 5 5 0 8 0 procpl 664 716 0 649 7 0 7 7 0 8 1 sosppl 176 2 0 2 1 0 1 1 0 8 1 sockpl 752 389 0 349 7 0 7 7 0 8 2 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k128 9344 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 132 0 0 17 0 17 17 0 8 0 mcl2k 2048 29 0 0 4 0 4 4 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 239 0 0 15 0 15 15 0 8 0 bufpl 280 2398 0 102 164 0 164 164 0 8 0 anonpl 32 7802 0 0 63 0 63 63 0 246 0 amapchunkpl 152 11119 0 10568 35 0 35 35 0 158 11 amappl16 200 1148 0 1128 14 0 14 14 0 8 12 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 397 0 394 1 0 1 1 0 8 0 amappl13 176 122 0 110 1 0 1 1 0 8 0 amappl12 168 748 0 712 2 0 2 2 0 8 0 amappl11 160 2 0 2 1 1 0 1 0 8 0 amappl10 152 60 0 50 1 0 1 1 0 8 0 amappl9 144 269 0 269 1 1 0 1 0 8 0 amappl8 136 89 0 88 1 0 1 1 0 8 0 amappl7 128 140 0 127 1 0 1 1 0 8 0 amappl6 120 147 0 145 1 0 1 1 0 8 0 amappl5 112 101 0 91 1 0 1 1 0 8 0 amappl4 104 275 0 258 1 0 1 1 0 8 0 amappl3 96 2064 0 1934 4 0 4 4 0 8 0 amappl2 88 559 0 498 2 0 2 2 0 8 0 amappl1 80 11934 0 11243 17 0 17 17 0 8 1 amappl 88 3202 0 3012 5 0 5 5 0 92 0 uvmvnodes 80 104 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 8 0 1 1 0 1 1 0 8 0 uaddrrnd 24 517 0 478 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 517 0 478 1 0 1 1 0 8 0 vmmpekpl 168 6754 0 6717 2 0 2 2 0 8 0 vmmpepl 168 43914 0 41601 113 0 113 113 0 357 7 vmsppl 488 516 0 477 6 0 6 6 0 8 1 rwobjpl 80 15825 0 14728 30 0 30 30 0 8 4 pdppl 4096 1041 0 954 109 20 89 95 0 8 2 pvpl 32 15611 0 0 126 0 126 126 0 265 0 pmappl 256 516 0 477 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 279 0 22 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83881ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff83a23940) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83a23940) at __mp_lock+0x1a3 sys/kern/kern_lock.c:173 exit1(ffff8000fffeed10,0,0,1) at exit1+0x701 sys/kern/kern_exit.c:260 sys_exit(ffff8000fffeed10,ffff800037bbcab0,ffff800037bbca00) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff800037bbcab0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800037bbcab0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x717dcb3a8850, count: 6 ddb{0}> trace x86_ipi_db(ffffffff83881ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff83a23940) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83a23940) at __mp_lock+0x1a3 sys/kern/kern_lock.c:173 exit1(ffff8000fffeed10,0,0,1) at exit1+0x701 sys/kern/kern_exit.c:260 sys_exit(ffff8000fffeed10,ffff800037bbcab0,ffff800037bbca00) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff800037bbcab0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800037bbcab0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x717dcb3a8850, count: -9 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344c04b) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83a2c018,1,ffff80003c3feb48) at pool_do_get+0x5df pool_get(ffffffff83a2c018,1) at pool_get+0x162 sys/kern/subr_pool.c:-1 shmget_allocate_segment(ffff8000373a7778,ffff80003c3feda0,81,ffff80003c3fecf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 sys_shmget(ffff8000373a7778,ffff80003c3feda0,ffff80003c3fecf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:484 syscall(ffff80003c3feda0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c3feda0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22b5cbf6e40, count: 7 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344c04b) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83a2c018,1,ffff80003c3feb48) at pool_do_get+0x5df pool_get(ffffffff83a2c018,1) at pool_get+0x162 sys/kern/subr_pool.c:-1 shmget_allocate_segment(ffff8000373a7778,ffff80003c3feda0,81,ffff80003c3fecf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1 sys_shmget(ffff8000373a7778,ffff80003c3feda0,ffff80003c3fecf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:484 syscall(ffff80003c3feda0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c3feda0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22b5cbf6e40, count: -8