kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff8000fffe8a80,ffff80003c503cf0,ffff80003c503c40) at sys_semop+0x3d5 sys/kern/sysv_sem.c:619 syscall(ffff80003c503cf0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c503cf0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x637d1dfe690, count: -3 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c503c10 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff8000fffe8a80 rax 0xdeadbeefdeadbeef r8 0x7f7fffffc000 r9 0x1 r10 0xcee30aa70cb5a5da r11 0x9d4e8853b07de434 r12 0 r13 0xfffffd8066dd8af0 r14 0xffff80003c503cf0 r15 0 rip 0xffffffff81aa7265 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c503b20 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> show proc PROC (syz-executor) tid=160970 pid=10060 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c423a30,0xffff80003c409ce8 process=0xffff80003c471848 user=0xffff80003c4fe000, vmspace=0xfffffd8074439b90 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 10060 360712 61082 0 7 0 syz-executor 10060 118290 61082 0 2 0x4000000 syz-executor *10060 160970 61082 0 7 0x4000000 syz-executor 10060 314939 61082 0 2 0x4000080 syz-executor 81138 198593 60626 0 2 0 syz-executor 81138 457538 60626 0 3 0x4000080 fsleep syz-executor 24024 48604 10979 0 3 0x80 nanoslp syz-executor 24024 403775 10979 0 3 0x4000080 ttyretype syz-executor 24024 67655 10979 0 3 0x4000080 fsleep syz-executor 4134 153983 30990 0 3 0x80 nanoslp syz-executor 4134 462122 30990 0 3 0x4000080 ttyin syz-executor 4134 113758 30990 0 3 0x4000080 fsleep syz-executor 29940 378116 79132 0 2 0 syz-executor 29940 294214 79132 0 3 0x4000000 biowait syz-executor 29940 143519 79132 0 3 0x4000000 inode syz-executor 29940 265242 79132 0 3 0x4000000 inode syz-executor 29940 126785 79132 0 3 0x4000000 inode syz-executor 29940 512934 79132 0 3 0x4000000 inode syz-executor 29940 239166 79132 0 3 0x4000080 kqread syz-executor 85321 227509 74511 -1 3 0x90 nanoslp syz-executor 85321 475491 74511 -1 3 0x4000090 fsleep syz-executor 85321 201124 74511 -1 3 0x4000090 nanoslp syz-executor 20276 90406 0 0 3 0x14280 nfsidl nfsio 13208 53786 0 0 3 0x14280 nfsidl nfsio 60268 313685 0 0 3 0x14280 nfsidl nfsio 77301 376408 0 0 3 0x14280 nfsidl nfsio 80118 171432 0 0 3 0x14280 nfsidl nfsio 27884 158125 0 0 3 0x14280 nfsidl nfsio 52913 117604 0 0 3 0x14280 nfsidl nfsio 46963 70241 0 0 3 0x14280 nfsidl nfsio 4440 483348 0 0 3 0x14280 nfsidl nfsio 49180 289544 0 0 3 0x14280 nfsidl nfsio 15776 458855 0 0 3 0x14280 nfsidl nfsio 89664 178306 0 0 3 0x14280 nfsidl nfsio 63818 287111 0 0 3 0x14280 nfsidl nfsio 77762 267551 0 0 3 0x14280 nfsidl nfsio 4121 425834 0 0 3 0x14280 nfsidl nfsio 73474 523514 0 0 3 0x14280 nfsidl nfsio 72807 16878 91783 0 3 0x3000 suspend syz-executor 72807 445393 91783 0 2 0x4081000 syz-executor 61082 454821 2232 0 3 0x82 nanoslp syz-executor 30990 418289 2232 0 3 0x82 nanoslp syz-executor 79132 20404 2232 0 3 0x82 nanoslp syz-executor 60626 95670 2232 0 3 0x82 nanoslp syz-executor 10979 82882 2232 0 3 0x82 nanoslp syz-executor 74511 273170 2232 0 3 0x82 nanoslp syz-executor 63087 490850 0 0 3 0x14280 nfsidl nfsio 79837 324814 0 0 3 0x14280 nfsidl nfsio 94279 292588 0 0 3 0x14280 nfsidl nfsio 54211 55002 0 0 3 0x14280 nfsidl nfsio 47517 323169 2232 0 3 0x82 nanoslp syz-executor 91783 373679 2232 0 3 0x82 nanoslp syz-executor 2232 23217 60439 0 3 0x82 kqread syz-executor 60439 314141 29080 0 3 0x10008a sigsusp ksh 29080 298750 70485 0 3 0x98 kqread sshd-session 70485 484692 31162 0 3 0x92 kqread sshd-session 62404 335101 1 0 3 0x100083 ttyopn getty 31162 169902 1 0 3 0x88 kqread sshd 42987 189161 2188 74 3 0x1100092 bpf pflogd 2188 319050 1 0 3 0x80 sbwait pflogd 60246 136255 96017 73 3 0x1100090 kqread syslogd 96017 366520 1 0 3 0x100082 sbwait syslogd 38817 452525 1 0 3 0x100080 kqread resolvd 20913 441194 82723 77 3 0x100092 kqread dhcpleased 38895 20080 82723 77 3 0x100092 kqread dhcpleased 82723 119669 1 0 3 0x80 kqread dhcpleased 15413 512702 0 0 3 0x14200 bored smr 79610 281408 0 0 3 0x14200 pgzero zerothread 64458 80587 0 0 3 0x14200 aiodoned aiodoned 30829 144867 0 0 3 0x14200 syncer update 17062 248774 0 0 3 0x14200 cleaner cleaner 43383 157196 0 0 3 0x14200 reaper reaper 56940 450677 0 0 3 0x14200 pgdaemon pagedaemon 73923 101802 0 0 3 0x14200 bored viomb 91440 105576 0 0 3 0x40014200 acpi0 acpi0 58845 484409 0 0 3 0x40014200 idle1 87072 177414 0 0 3 0x14200 bored softnet1 6028 97192 0 0 3 0x14200 bored softnet0 36996 165984 0 0 3 0x14200 bored systqmp 42526 295001 0 0 3 0x14200 bored systq 51279 260486 0 0 3 0x14200 tmoslp softclockmp 40308 266957 0 0 3 0x40014200 tmoslp softclock 67387 340249 0 0 3 0x40014200 idle0 1 136146 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 10060 (syz-executor) thread 0xffff80003c423a30 (118290) Process 10060 (syz-executor) thread 0xffff8000fffe8a80 (160970) Process 29940 (syz-executor) thread 0xffff80002a260d10 (294214) Process 29940 (syz-executor) thread 0xffff80003c422fd0 (143519) Process 72807 (syz-executor) thread 0xffff80002a260fa8 (445393) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11089 12097K 13999K 166960K 14522 0 pcb 17 15K 16K 166960K 535 0 rtable 192 11K 11K 166960K 1303 0 pf 38 18K 82K 166960K 283 0 ifaddr 34 6K 8K 166960K 209 0 ifgroup 58 2K 3K 166960K 369 0 sysctl 4 1K 9K 166960K 19 0 counters 70 37K 39K 166960K 424 0 ioctlops 0 0K 8K 166960K 2055 0 iov 1 12K 20K 166960K 176 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1485 93K 94K 166960K 3430 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 28 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 147 0 dirhash 12 2K 2K 166960K 60 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 232K 166960K 2168 0 sigio 0 0K 0K 166960K 34 0 proc 75 131K 196K 166960K 1037 0 subproc 72 4K 4K 166960K 180 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 725 0 in_multi 66 4K 7K 166960K 306 0 ether_multi 1 0K 0K 166960K 29 0 mrt 1 0K 0K 166960K 21 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 169 758K 758K 166960K 169 0 exec 0 0K 1K 166960K 968 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 287 181K 202K 166960K 21225 0 UVM aobj 33 12K 12K 166960K 43 0 pinsyscall 43 86K 104K 166960K 3636 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 1K 166960K 160 0 NDP 12 0K 2K 166960K 155 0 temp 81 8684K 8938K 166960K 108291 0 kqueue 15 24K 30K 166960K 445 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 446 0 443 6 5 1 3 0 8 0 rtentry 176 367 0 297 6 1 5 6 0 8 0 unpcb 144 1926 0 1900 18 14 4 6 0 8 3 syncache 336 12 0 12 7 6 1 1 0 8 1 tcpqe 32 12 0 12 5 5 0 1 0 8 0 tcpcb 736 802 0 794 18 16 2 7 0 8 1 arp 136 52 0 39 1 0 1 1 0 8 0 inpcb 328 2357 0 2340 22 20 2 7 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 152 62 0 46 1 0 1 1 0 8 0 pkpcb 40 41 0 41 6 5 1 1 0 8 1 kcovpl 48 20 0 12 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 133 0 133 2 1 1 1 0 8 1 pppxif 1504 15 0 15 5 4 1 1 0 8 1 pffrag 232 19 0 11 1 0 1 1 0 482 0 pffrnode 88 18 0 10 1 0 1 1 0 8 0 pffrent 40 23 0 15 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 1 0 1 1 0 8 1 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 2 0 0 1 0 1 1 0 8 0 pfstate 448 1 0 0 1 0 1 1 0 8 0 rttmr 136 4 0 4 3 3 0 1 0 8 0 art_heap8 4096 37 0 33 36 32 4 36 0 8 0 art_heap4 256 1399 0 1095 46 24 22 32 0 8 0 art_table 40 1436 0 1128 7 1 6 6 0 8 0 art_node 32 364 0 301 2 0 2 2 0 8 0 sysvmsgpl 40 13 0 6 1 0 1 1 0 8 0 semupl 112 4 0 4 3 2 1 1 0 8 1 semapl 112 139 0 130 1 0 1 1 0 8 0 shmpl 112 30 0 5 1 0 1 1 0 8 0 dirhash 1024 49 0 32 3 0 3 3 0 8 0 dino2pl 256 5711 0 4189 96 0 96 96 0 8 0 ffsino 296 5711 0 4189 119 1 118 118 0 8 0 nchpl 144 8518 0 6785 65 0 65 65 0 8 0 rtmask 32 20 0 20 5 4 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 30914 0 30910 7 6 1 4 0 8 0 percpumem 16 227 0 177 1 0 1 1 0 8 0 vcpupl 3968 5 0 0 1 0 1 1 0 8 0 vmpool 848 9 0 4 2 1 1 1 0 8 0 kstatmem 264 232 0 202 4 1 3 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 7 0 7 5 4 1 1 0 8 1 scxspl 216 65127 0 65126 14 12 2 8 1 8 1 plimitpl 152 615 0 594 1 0 1 1 0 8 0 sigapl 424 2493 0 2425 10 2 8 8 0 8 0 knotepl 120 798 0 0 23 0 23 23 0 8 0 kqueuepl 224 810 0 796 8 6 2 5 0 8 1 pipepl 344 517 0 490 14 11 3 9 0 8 0 fdescpl 528 2432 0 2400 3 0 3 3 0 8 0 filepl 160 17548 0 17298 31 18 13 21 0 8 0 lockfpl 104 770 0 766 2 0 2 2 0 8 1 lockfspl 48 278 0 274 1 0 1 1 0 8 0 sessionpl 144 43 0 34 1 0 1 1 0 8 0 pgrppl 48 81 0 64 1 0 1 1 0 8 0 ucredpl 104 3537 0 3522 1 0 1 1 0 8 0 zombiepl 144 3168 0 3166 1 0 1 1 0 8 0 processpl 1232 2493 0 2425 8 2 6 6 0 8 0 procpl 664 5760 0 5675 11 3 8 8 0 8 0 sosppl 176 12 0 12 4 3 1 1 0 8 1 sockpl 752 4922 0 4876 57 46 11 23 0 8 6 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 15 0 15 15 0 8 0 mcl2k 2048 41 0 0 5 0 5 5 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 3496 0 0 218 0 218 218 0 8 0 bufpl 280 27008 0 20871 439 0 439 439 0 8 0 anonpl 32 15030 0 0 122 1 121 121 0 246 0 amapchunkpl 152 72800 0 71999 63 29 34 34 0 158 2 amappl16 200 9029 0 8869 82 66 16 27 0 8 7 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 4 0 4 1 1 0 1 0 8 0 amappl13 176 574 0 573 1 0 1 1 0 8 0 amappl12 168 2892 0 2849 4 1 3 3 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 66 0 52 1 0 1 1 0 8 0 amappl9 144 245 0 245 2 2 0 1 0 8 0 amappl8 136 44 0 41 1 0 1 1 0 8 0 amappl7 128 134 0 132 1 0 1 1 0 8 0 amappl6 120 433 0 420 1 0 1 1 0 8 0 amappl5 112 119 0 107 1 0 1 1 0 8 0 amappl4 104 547 0 517 1 0 1 1 0 8 0 amappl3 96 12660 0 12548 4 1 3 3 0 8 0 amappl2 88 2608 0 2529 2 0 2 2 0 8 0 amappl1 80 20772 0 20167 16 1 15 15 0 8 0 amappl 88 19896 0 19690 5 0 5 5 0 92 0 uvmvnodes 80 178 0 0 4 0 4 4 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 257 0 257 4 3 1 1 0 8 1 dma64 64 8 0 8 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 42 0 10 1 0 1 1 0 8 0 uaddrrnd 24 2432 0 2400 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2432 0 2400 1 0 1 1 0 8 0 vmmpekpl 168 20363 0 20301 4 0 4 4 0 8 0 vmmpepl 168 162141 0 159970 137 34 103 110 0 357 8 vmsppl 488 2431 0 2400 5 0 5 5 0 8 0 rwobjpl 80 45324 0 43996 40 8 32 34 0 8 0 pdppl 4096 4890 0 4813 146 67 79 88 0 8 2 pvpl 32 22934 0 0 186 1 185 185 0 265 0 pmappl 256 2440 0 2404 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 611 0 157 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff837f7ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8391d2c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff8391d2c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173 intr_handler(ffff80003c4e53f0,ffff8000002a3480) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:560 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff8391d2c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff8391d2c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173 syscall(ffff80003c4e55c0) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff80003c4e55c0) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7da1312925e0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> trace sys_semop(ffff8000fffe8a80,ffff80003c503cf0,ffff80003c503c40) at sys_semop+0x3d5 sys/kern/sysv_sem.c:619 syscall(ffff80003c503cf0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c503cf0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x637d1dfe690, count: -3