kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff800034c0e038,ffff80003c48b760,ffff80003c48b6b0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c48b760) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c48b760) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x13c18033640, count: -3 ddb{0}> show registers rdi 0 rsi 0xb rbp 0xffff80003c48b680 rbx 0xdeafbeaddeafbead rdx 0 rcx 0xffff800034c0e038 rax 0xffffffff83781ff0 cpu_info_full_primary+0x1ff0 r8 0x7f7fffffc000 r9 0 r10 0x677a914c123f1dfc r11 0x77cef82ecf9a992a r12 0xb r13 0xfffffd806a8998c0 r14 0xffff80003c48b760 r15 0xb rip 0xffffffff8275dd02 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c48b590 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> show proc PROC (syz-executor) tid=275572 pid=48686 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800034c0e2d0,0xffff800034c0e578 process=0xffff8000358249c0 user=0xffff80003c486000, vmspace=0xfffffd800b0273d0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 48686 369564 55638 0 7 0 syz-executor *48686 275572 55638 0 7 0x4000000 syz-executor 48686 103995 55638 0 2 0x4000000 syz-executor 48686 355769 55638 0 2 0x4000080 syz-executor 30207 75542 99196 0 2 0 syz-executor 30207 82639 99196 0 3 0x4000080 fsleep syz-executor 2296 161905 99396 0 2 0 syz-executor 2296 166270 99396 0 2 0x4000000 syz-executor 2296 197705 99396 0 3 0x4000080 fsleep syz-executor 43148 7173 99567 0 2 0 syz-executor 43148 31553 99567 0 3 0x4000080 kqread syz-executor 96569 166141 79075 0 2 0 syz-executor 96569 376096 79075 0 3 0x4000080 lockf syz-executor 96569 362976 79075 0 2 0x4000000 syz-executor 45235 447573 19323 0 3 0x80 nanoslp syz-executor 45235 4161 19323 0 3 0x4000080 kqsel syz-executor 45235 459625 19323 0 3 0x4000080 fsleep syz-executor 48265 339057 325 0 3 0x82 nanoslp syz-executor 99196 98009 325 0 3 0x82 nanoslp syz-executor 50198 480979 325 0 2 0x3 syz-executor 88054 414789 0 0 3 0x14280 nfsidl nfsio 50159 419288 0 0 3 0x14280 nfsidl nfsio 28503 71592 0 0 3 0x14280 nfsidl nfsio 77240 136577 0 0 3 0x14280 nfsidl nfsio 39501 372113 0 0 3 0x14280 nfsidl nfsio 81084 394479 0 0 3 0x14280 nfsidl nfsio 19248 459243 0 0 3 0x14280 nfsidl nfsio 21432 116158 0 0 3 0x14280 nfsidl nfsio 51192 357581 0 0 3 0x14280 nfsidl nfsio 60586 375775 0 0 3 0x14280 nfsidl nfsio 40636 307857 0 0 3 0x14280 nfsidl nfsio 25714 265007 0 0 3 0x14280 nfsidl nfsio 3796 361943 0 0 3 0x14280 nfsidl nfsio 13648 221614 0 0 3 0x14280 nfsidl nfsio 43866 100272 0 0 3 0x14280 nfsidl nfsio 48911 440206 0 0 3 0x14280 nfsidl nfsio 9230 245438 0 0 3 0x14280 nfsidl nfsio 73436 418061 0 0 3 0x14280 nfsidl nfsio 90775 25745 0 0 3 0x14280 nfsidl nfsio 17542 322664 0 0 3 0x14280 nfsidl nfsio 79075 41458 325 0 2 0x3 syz-executor 5647 419373 1 0 3 0x100083 ttyin getty 11714 370606 0 0 3 0x14200 bored sosplice 55638 233237 325 0 3 0x82 nanoslp syz-executor 99396 168469 325 0 3 0x82 nanoslp syz-executor 19323 143248 325 0 3 0x82 nanoslp syz-executor 99567 122784 325 0 3 0x82 nanoslp syz-executor 325 8518 55064 0 2 0x2 syz-executor 55064 235704 61149 0 3 0x10008a sigsusp ksh 61149 106340 46928 0 3 0x98 kqread sshd-session 46928 512912 65753 0 3 0x92 kqread sshd-session 65753 458817 1 0 3 0x88 kqread sshd 96101 473182 44234 74 3 0x1100092 bpf pflogd 44234 281401 1 0 3 0x80 sbwait pflogd 90112 108959 72647 73 3 0x1100090 kqread syslogd 72647 437231 1 0 3 0x100082 sbwait syslogd 71326 102582 1 0 3 0x100080 kqread resolvd 46309 72971 82133 77 3 0x100092 kqread dhcpleased 16553 503749 82133 77 3 0x100092 kqread dhcpleased 82133 258773 1 0 3 0x80 kqread dhcpleased 65352 302374 0 0 3 0x14200 bored smr 93126 20101 0 0 2 0x14200 zerothread 46263 92045 0 0 3 0x14200 aiodoned aiodoned 44017 496504 0 0 3 0x14200 syncer update 61791 368605 0 0 3 0x14200 cleaner cleaner 56365 494059 0 0 3 0x14200 reaper reaper 90948 233715 0 0 3 0x14200 pgdaemon pagedaemon 95872 86589 0 0 3 0x14200 bored viomb 67452 522847 0 0 3 0x40014200 acpi0 acpi0 44095 207203 0 0 3 0x40014200 idle1 98954 180405 0 0 3 0x14200 bored softnet7 60006 197183 0 0 3 0x14200 bored softnet6 82939 175591 0 0 3 0x14200 bored softnet5 51404 76426 0 0 3 0x14200 bored softnet4 84209 232740 0 0 3 0x14200 bored softnet3 98064 425487 0 0 3 0x14200 bored softnet2 43958 504672 0 0 3 0x14200 bored softnet1 5462 381129 0 0 3 0x14200 bored softnet0 13228 267860 0 0 3 0x14200 bored systqmp 35574 141549 0 0 3 0x14200 bored systq 32239 333028 0 0 3 0x14200 tmoslp softclockmp 99929 445748 0 0 3 0x40014200 tmoslp softclock 27450 350745 0 0 3 0x40014200 idle0 1 72014 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 48686 (syz-executor) thread 0xffff800034c0e038 (275572) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839779e0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 #5 Xsyscall+0x128 Process 48686 (syz-executor) thread 0xffff800034c0e568 (103995) exclusive rwlock fdlock r = 0 (0xffff800035823d50) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 sys_socketpair+0x2fa sys/kern/uipc_syscalls.c:492 #3 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #4 Xsyscall+0x128 Process 2296 (syz-executor) thread 0xffff800034c08550 (166270) exclusive rwlock vmmaplk r = 0 (0xfffffd800b0276b8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168 #3 uvm_map_protect+0xe0 sys/uvm/uvm_map.c:3064 #4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10236 11043K 11224K 166960K 11964 0 pcb 18 14K 15K 166960K 146 0 rtable 209 11K 11K 166960K 440 0 pf 36 18K 131090K 166960K 163 0 ifaddr 40 7K 7K 166960K 109 0 ifgroup 55 2K 3K 166960K 187 0 sysctl 4 1K 9K 166960K 10 0 counters 68 36K 38K 166960K 206 0 ioctlops 0 0K 4K 166960K 1596 0 iov 0 0K 24K 166960K 86 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1338 84K 85K 166960K 1908 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 94 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 899 0 sigio 0 0K 0K 166960K 22 0 proc 72 115K 164K 166960K 726 0 subproc 72 4K 4K 166960K 109 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 102 0 in_multi 84 6K 7K 166960K 169 0 ether_multi 1 0K 0K 166960K 8 0 mrt 2 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 505 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 249 160K 175K 166960K 9632 0 UVM aobj 23 2K 2K 166960K 25 0 pinsyscall 42 84K 104K 166960K 2077 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 59 0 NDP 12 0K 2K 166960K 81 0 temp 57 8647K 8773K 166960K 43233 0 kqueue 15 24K 32K 166960K 168 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 156 0 153 3 0 3 3 0 8 2 rtentry 176 151 0 69 5 0 5 5 0 8 0 unpcb 144 845 0 826 15 14 1 9 0 8 0 syncache 336 5 0 5 2 2 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 736 475 0 469 20 13 7 7 0 8 6 arp 128 17 0 7 1 0 1 1 0 8 0 inpcb 328 1072 0 1062 17 10 7 7 0 8 5 nd6 144 30 0 12 1 0 1 1 0 8 0 pkpcb 40 2 0 2 2 2 0 1 0 8 0 kcovpl 48 12 0 4 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 50 0 50 2 1 1 1 0 8 1 pppxif 1504 4 0 4 2 2 0 1 0 8 0 pffrag 232 5 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 7 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 3 3 3 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 69 0 21 1 0 1 1 0 8 0 pfstkey 128 71 0 23 2 0 2 2 0 8 0 pfstate 384 71 0 23 5 0 5 5 0 8 0 pfrule 1344 26 0 22 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 705 0 292 31 5 26 28 0 8 0 art_table 40 707 0 292 5 0 5 5 0 8 0 art_node 32 151 0 79 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 4 1 0 1 1 0 8 0 semapl 112 89 0 80 1 0 1 1 0 8 0 shmpl 112 22 0 2 1 0 1 1 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 2997 0 1478 96 0 96 96 0 8 0 ffsino 296 2997 0 1478 118 0 118 118 0 8 0 nchpl 144 4217 0 3656 64 36 28 64 0 8 3 rtmask 32 11 0 11 2 1 1 1 0 8 1 uvmvnodes 80 3315 0 0 68 0 68 68 0 8 0 vnodes 216 3315 0 0 185 0 185 185 0 8 0 namei 1024 13937 0 13937 3 2 1 2 0 8 1 percpumem 16 118 0 69 1 0 1 1 0 8 0 kstatmem 264 116 0 88 5 2 3 3 0 8 1 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 22830 0 22830 12 8 4 8 1 8 4 plimitpl 152 281 0 264 1 0 1 1 0 8 0 sigapl 424 1206 0 1132 9 0 9 9 0 8 0 knotepl 120 832 0 0 26 0 26 26 0 8 0 kqueuepl 224 311 0 300 4 3 1 3 0 8 0 pipepl 344 224 0 196 6 3 3 6 0 8 0 fdescpl 528 1160 0 1129 3 0 3 3 0 8 0 filepl 160 7262 0 7043 30 16 14 20 0 8 1 lockfpl 104 306 0 302 1 0 1 1 0 8 0 lockfspl 48 111 0 108 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 117 0 100 1 0 1 1 0 8 0 ucredpl 104 1026 0 1012 1 0 1 1 0 8 0 zombiepl 144 1438 0 1437 1 0 1 1 0 8 0 processpl 1232 1206 0 1132 6 0 6 6 0 8 0 procpl 664 2454 0 2369 8 0 8 8 0 8 0 sosppl 168 14 0 14 3 2 1 1 0 8 1 sockpl 752 2101 0 2069 39 28 11 24 0 8 6 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 110 0 0 14 0 14 14 0 8 0 mcl2k 2048 54 0 0 6 0 6 6 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 286 0 0 17 0 17 17 0 8 0 bufpl 280 9161 0 3018 440 0 440 440 0 8 0 anonpl 32 11460 0 0 93 0 93 93 0 246 0 amapchunkpl 152 31458 0 30923 43 16 27 34 0 158 3 amappl16 200 3830 0 3795 37 21 16 27 0 8 6 amappl15 192 32 0 32 1 1 0 1 0 8 0 amappl14 184 123 0 111 1 0 1 1 0 8 0 amappl13 176 37 0 37 1 1 0 1 0 8 0 amappl12 168 1883 0 1852 3 1 2 3 0 8 0 amappl11 160 54 0 39 1 0 1 1 0 8 0 amappl10 152 8 0 7 2 1 1 1 0 8 0 amappl9 144 259 0 259 1 1 0 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 114 0 101 1 0 1 1 0 8 0 amappl6 120 213 0 210 1 0 1 1 0 8 0 amappl5 112 136 0 126 1 0 1 1 0 8 0 amappl4 104 303 0 283 1 0 1 1 0 8 0 amappl3 96 6193 0 6074 4 0 4 4 0 8 0 amappl2 88 700 0 638 2 0 2 2 0 8 0 amappl1 80 11857 0 11247 16 2 14 15 0 8 0 amappl 88 8772 0 8595 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 24 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1160 0 1129 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1160 0 1129 1 0 1 1 0 8 0 vmmpekpl 168 10750 0 10695 3 0 3 3 0 8 0 vmmpepl 168 78621 0 76590 118 16 102 111 0 357 5 vmsppl 488 1159 0 1129 6 1 5 5 0 8 0 rwobjpl 80 26155 0 21856 93 1 92 92 0 8 0 pdppl 4096 2328 0 2258 114 42 72 86 0 8 2 pvpl 32 18555 0 0 150 0 150 150 0 265 0 pmappl 256 1159 0 1129 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 318 0 67 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff800034c0e038,ffff80003c48b760,ffff80003c48b6b0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c48b760) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c48b760) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x13c18033640, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7155b5c85a60, count: -3