kernel: protection fault trap, code=0 Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff8000ffff8030,ffff80003c4fea20,ffff80003c4fe970) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff80003c4fea20) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4fea20) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d10227e8c0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c4fe940 rbx 0 rdx 0 rcx 0xffff8000ffff8030 rax 0xdead4110dead4344 r8 0x7f7fffffc000 r9 0 r10 0x490a6d0dffa909ad r11 0x6af5e39635c25112 r12 0xffff80000151c004 r13 0 r14 0xffff80003c4fea20 r15 0 rip 0xffffffff823dca6b sys_semop+0x45b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c4fe820 ss 0x10 sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=55720 pid=22073 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff9c08,0xffff80002a3c2cf0 process=0xffff80003c4ee6e0 user=0xffff80003c4f9000, vmspace=0xfffffd806be841e0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 99517 112665 38102 0 3 0 futex syz-executor 99517 459582 38102 0 3 0x4000080 fsleep syz-executor 18794 439408 66822 0 2 0 syz-executor 18794 21963 66822 0 3 0x4000080 fsleep syz-executor 71658 99745 41532 0 3 0 vmmaplk syz-executor 71658 204392 41532 0 3 0x4000080 fsleep syz-executor 71658 315378 41532 0 2 0x4000000 syz-executor 58751 523109 52967 0 2 0 syz-executor 58751 77311 52967 0 3 0x4000080 fsleep syz-executor 12513 414579 41989 0 2 0 syz-executor 12513 312287 41989 0 2 0x4000000 syz-executor 12513 467761 41989 0 3 0x4000080 fsleep syz-executor 22073 197822 3049 0 3 0 futex syz-executor 22073 349362 3049 0 3 0x4000080 fsleep syz-executor *22073 55720 3049 0 7 0x4000000 syz-executor 22073 178822 3049 0 2 0x4000000 syz-executor 98608 141315 50395 0 7 0x10 syz-executor 98608 125594 50395 0 3 0x4000090 kqread syz-executor 98608 1977 50395 0 2 0x4000010 syz-executor 58856 287421 0 0 3 0x14280 nfsidl nfsio 17715 273414 0 0 3 0x14280 nfsidl nfsio 78076 248625 0 0 3 0x14280 nfsidl nfsio 96729 330844 0 0 3 0x14280 nfsidl nfsio 52369 332176 0 0 3 0x14280 nfsidl nfsio 48967 259583 0 0 3 0x14280 nfsidl nfsio 51000 142777 0 0 3 0x14280 nfsidl nfsio 78745 262101 0 0 3 0x14280 nfsidl nfsio 17411 491239 0 0 3 0x14280 nfsidl nfsio 24301 270671 0 0 3 0x14280 nfsidl nfsio 11296 96217 0 0 3 0x14280 nfsidl nfsio 52921 158608 0 0 3 0x14280 nfsidl nfsio 35162 71962 0 0 3 0x14280 nfsidl nfsio 47766 435615 0 0 3 0x14280 nfsidl nfsio 94675 293674 0 0 3 0x14280 nfsidl nfsio 69407 178698 0 0 3 0x14280 nfsidl nfsio 52419 143029 0 0 3 0x14280 nfsidl nfsio 52168 202718 0 0 3 0x14280 nfsidl nfsio 35614 478618 0 0 3 0x14280 nfsidl nfsio 1860 29010 0 0 3 0x14280 nfsidl nfsio 15187 162883 1 0 3 0x100083 ttyin getty 38102 41968 45494 0 3 0x82 nanoslp syz-executor 10579 429095 0 0 3 0x14200 bored sosplice 25668 233935 11069 0 3 0x100082 sbwait arp 11069 445959 67584 0 3 0x10008a sigsusp sh 41989 205478 45494 0 3 0x82 nanoslp syz-executor 52967 380921 45494 0 3 0x82 nanoslp syz-executor 50395 81389 45494 0 3 0x82 nanoslp syz-executor 3049 158955 45494 0 3 0x82 nanoslp syz-executor 66822 489831 45494 0 3 0x82 nanoslp syz-executor 41532 150469 45494 0 3 0x82 nanoslp syz-executor 67584 326174 45494 0 3 0x82 wait syz-executor 45494 100613 1003 0 3 0x82 kqread syz-executor 1003 108307 99607 0 3 0x10008a sigsusp ksh 99607 512064 1109 0 3 0x98 kqread sshd-session 1109 290691 93647 0 3 0x92 kqread sshd-session 93647 77700 1 0 3 0x88 kqread sshd 76674 135715 93198 74 3 0x1100092 bpf pflogd 93198 292746 1 0 3 0x80 sbwait pflogd 29893 408452 7753 73 3 0x1100090 kqread syslogd 7753 519125 1 0 3 0x100082 sbwait syslogd 37628 71909 1 0 3 0x100080 kqread resolvd 46127 377593 47665 77 3 0x100092 kqread dhcpleased 18524 371009 47665 77 3 0x100092 kqread dhcpleased 47665 166108 1 0 3 0x80 kqread dhcpleased 64130 312465 0 0 3 0x14200 bored smr 78021 304440 0 0 2 0x14200 zerothread 10292 492594 0 0 3 0x14200 aiodoned aiodoned 16366 88028 0 0 3 0x14200 syncer update 9534 179845 0 0 3 0x14200 cleaner cleaner 65794 510665 0 0 3 0x14200 reaper reaper 57595 45050 0 0 3 0x14200 pgdaemon pagedaemon 84445 513311 0 0 3 0x14200 bored viomb 14061 420496 0 0 3 0x40014200 acpi0 acpi0 9448 104660 0 0 3 0x40014200 idle1 71222 215333 0 0 3 0x14200 bored softnet3 6685 487567 0 0 3 0x14200 bored softnet2 21515 229456 0 0 3 0x14200 bored softnet1 98208 448950 0 0 3 0x14200 bored softnet0 1907 397927 0 0 3 0x14200 bored systqmp 40151 327706 0 0 3 0x14200 bored systq 53937 108568 0 0 3 0x14200 tmoslp softclockmp 29432 101859 0 0 3 0x40014200 tmoslp softclock 51992 270084 0 0 3 0x40014200 idle0 1 464773 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 71658 (syz-executor) thread 0xffff8000ffff9980 (315378) exclusive rwlock vmmaplk r = 0 (0xfffffd806be84bc8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250 #3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1858 #4 uvm_fault_check+0x987 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline] #4 uvm_fault_check+0x987 sys/uvm/uvm_fault.c:774 #5 uvm_fault+0x106 sys/uvm/uvm_fault.c:668 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #8 recall_trap+0x8 Process 12513 (syz-executor) thread 0xffff8000ffff8cd8 (312287) exclusive rrwlock inode r = 0 (0xfffffd805be97500) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 vn_open+0x13f sys/kern/vfs_vnops.c:140 #8 sys_ktrace+0x9a sys/kern/kern_ktrace.c:551 #9 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 #10 Xsyscall+0x128 Process 22073 (syz-executor) thread 0xffff8000ffff8030 (55720) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839ad518) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441 #3 yield+0x6a sys/kern/sched_bsd.c:320 #4 malloc+0xe5 sys/kern/kern_malloc.c:174 #5 sys_semop+0x234 sys/kern/sysv_sem.c:564 #6 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 22073 (syz-executor) thread 0xffff8000ffff82b8 (178822) exclusive rwlock futex r = 0 (0xffffffff838374a8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 sys_futex+0x69 sys/kern/sys_futex.c:98 #3 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 11217K 11414K 166960K 12574 0 pcb 18 15K 16K 166960K 184 0 rtable 295 9K 10K 166960K 836 0 pf 37 18K 19K 166960K 95 0 ifaddr 36 6K 7K 166960K 78 0 ifgroup 57 2K 3K 166960K 121 0 sysctl 4 1K 1K 166960K 4 0 counters 66 36K 37K 166960K 112 0 ioctlops 0 0K 4K 166960K 1520 0 iov 0 0K 16K 166960K 103 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1431 90K 90K 166960K 1948 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 25 6K 6K 166960K 70 0 dirhash 12 2K 3K 166960K 42 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 19 69K 89K 166960K 758 0 sigio 0 0K 0K 166960K 12 0 proc 72 91K 152K 166960K 637 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 123 0 in_multi 67 5K 6K 166960K 133 0 ether_multi 1 0K 0K 166960K 5 0 mrt 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 109 493K 493K 166960K 109 0 exec 0 0K 1K 166960K 593 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 242 73K 82K 166960K 8674 0 UVM aobj 27 2K 4K 166960K 30 0 pinsyscall 45 90K 108K 166960K 1862 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 24 0 NDP 13 0K 1K 166960K 53 0 temp 49 8636K 8758K 166960K 14967 0 kqueue 14 22K 32K 166960K 136 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 119 0 114 2 1 1 2 0 8 0 rtentry 112 198 0 62 5 0 5 5 0 8 0 unpcb 144 502 0 485 5 3 2 4 0 8 1 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 808 365 0 361 13 6 7 8 0 8 6 arp 120 87 0 9 3 0 3 3 0 8 0 inpcb 376 987 0 975 14 6 8 8 0 8 6 nd6 136 26 0 9 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1168 16 0 15 2 1 1 1 0 8 0 pppxif 1472 2 0 2 2 2 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 2 0 0 1 0 1 1 0 482 0 pffrnode 88 2 0 0 1 0 1 1 0 8 0 pffrent 40 35 0 33 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 58 0 13 1 0 1 1 0 8 0 pfstkey 128 60 0 15 2 0 2 2 0 8 0 pfstate 376 59 0 14 5 0 5 5 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 588 0 269 26 3 23 26 0 8 1 art_table 32 591 0 269 4 0 4 4 0 8 0 art_node 16 197 0 133 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 57 0 35 1 0 1 1 0 8 0 shmpl 112 27 0 3 1 0 1 1 0 8 0 dirhash 1024 37 0 20 3 0 3 3 0 8 0 dino2pl 256 2753 0 1253 95 0 95 95 0 8 0 ffsino 280 2753 0 1253 109 0 109 109 0 8 0 nchpl 144 3806 0 2113 64 0 64 64 0 8 0 uvmvnodes 80 3209 0 0 66 0 66 66 0 8 0 vnodes 216 3209 0 0 179 0 179 179 0 8 0 namei 1024 13300 0 13299 3 2 1 2 0 8 0 percpumem 16 70 0 23 1 0 1 1 0 8 0 kstatmem 264 66 0 40 3 1 2 3 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 11797 0 11797 10 9 1 8 1 8 1 plimitpl 152 107 0 90 1 0 1 1 0 8 0 sigapl 424 1099 0 1027 9 0 9 9 0 8 0 futexpl 64 9386 0 9379 1 0 1 1 0 8 0 knotepl 120 332 0 0 11 0 11 11 0 8 0 kqueuepl 216 256 0 246 3 2 1 3 0 8 0 pipepl 328 223 0 195 5 0 5 5 0 8 2 fdescpl 504 1038 0 1005 5 0 5 5 0 8 0 filepl 152 6306 0 6082 14 2 12 12 0 8 2 lockfpl 104 171 0 169 1 0 1 1 0 8 0 lockfspl 48 78 0 76 1 0 1 1 0 8 0 sessionpl 144 25 0 16 1 0 1 1 0 8 0 pgrppl 48 73 0 56 1 0 1 1 0 8 0 ucredpl 104 705 0 691 1 0 1 1 0 8 0 zombiepl 144 1238 0 1238 2 1 1 1 0 8 1 processpl 1168 1099 0 1027 6 0 6 6 0 8 0 procpl 648 2190 0 2106 8 0 8 8 0 8 0 srpgc 96 7 0 7 2 1 1 1 0 8 1 sockpl 688 1615 0 1581 14 5 9 10 0 8 5 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 113 0 0 15 0 15 15 0 8 0 mcl2k 2048 35 0 0 5 0 5 5 0 8 0 mtagpl 96 69 0 0 2 0 2 2 0 8 0 mbufpl 256 362 0 0 23 0 23 23 0 8 0 bufpl 280 3376 0 134 232 0 232 232 0 8 0 anonpl 24 152552 0 148630 58 13 45 48 0 184 18 amapchunkpl 152 27496 0 26952 28 2 26 26 0 158 5 amappl16 200 2537 0 2505 14 7 7 11 0 8 5 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 118 0 105 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1688 0 1654 3 1 2 2 0 8 0 amappl11 160 49 0 35 1 0 1 1 0 8 0 amappl10 152 5 0 4 1 0 1 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 109 0 95 1 0 1 1 0 8 0 amappl6 120 199 0 193 1 0 1 1 0 8 0 amappl5 112 124 0 114 1 0 1 1 0 8 0 amappl4 104 314 0 293 1 0 1 1 0 8 0 amappl3 96 5448 0 5323 4 0 4 4 0 8 0 amappl2 88 659 0 593 2 0 2 2 0 8 0 amappl1 80 9910 0 9315 15 1 14 15 0 8 0 amappl 88 8261 0 8078 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 29 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1038 0 1005 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1038 0 1005 1 0 1 1 0 8 0 vmmpekpl 168 10197 0 10155 3 0 3 3 0 8 0 vmmpepl 168 67781 0 65824 97 6 91 93 0 357 4 vmsppl 456 1037 0 1005 5 0 5 5 0 8 0 rwobjpl 64 23121 0 18892 70 1 69 69 0 8 0 pdppl 4096 2084 0 2010 102 28 74 84 0 8 0 pvpl 32 14564 0 0 120 2 118 118 0 265 0 pmappl 248 1037 0 1005 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 308 0 43 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff8000ffff8030,ffff80003c4fea20,ffff80003c4fe970) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff80003c4fea20) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4fea20) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3d10227e8c0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x76829029e240, count: -3