login: kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff8000fffee548,ffff80003c405020,ffff80003c404f70) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c405020) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c405020) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21739166ca0, count: -3 ddb{1}> show registers rdi 0 rsi 0xb rbp 0xffff80003c404f40 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff8000fffee548 rax 0xffff8000299edff0 r8 0x7f7fffffc000 r9 0x1 r10 0x32a1b06c271c7b4c r11 0xb83b5947e1484a4a r12 0xb r13 0xfffffd80695acc40 r14 0xffff80003c405020 r15 0xb rip 0xffffffff815025c2 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c404e50 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> show proc PROC (syz-executor) tid=356908 pid=1508 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000307dfa10,0xffff8000fffee2c0 process=0xffff80003c40f9e0 user=0xffff80003c400000, vmspace=0xfffffd800b027000 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 1508 509779 81001 0 7 0 syz-executor * 1508 356908 81001 0 7 0x4000000 syz-executor 1508 135413 81001 0 3 0x4000080 fsleep syz-executor 5967 455073 11001 0 2 0 syz-executor 5967 483122 11001 0 3 0x4000080 fsleep syz-executor 16334 225316 44255 0 2 0 syz-executor 16334 292959 44255 0 3 0x4000080 lockf syz-executor 16334 513821 44255 0 3 0x4000080 lockf syz-executor 45938 105121 79072 0 3 0x80 nanoslp syz-executor 45938 160863 79072 0 3 0x4000080 fsleep syz-executor 45938 349248 79072 0 3 0x4000080 pipewr syz-executor 48482 409259 56015 0 3 0x80 nanoslp syz-executor 48482 194964 56015 0 3 0x4000080 ttyout syz-executor 48482 482257 56015 0 3 0x4000080 fsleep syz-executor 35893 377079 86626 0 3 0x80 nanoslp syz-executor 35893 242692 86626 0 3 0x4000000 biowait syz-executor 35893 177640 86626 0 3 0x4000080 fsleep syz-executor 35893 58423 86626 0 3 0x4000080 fsleep syz-executor 35893 486961 86626 0 3 0x4000080 fsleep syz-executor 35893 464408 86626 0 3 0x4000080 fsleep syz-executor 22988 381403 6951 0 3 0x80 nanoslp syz-executor 22988 154690 6951 0 3 0x4000080 fsleep syz-executor 22988 317809 6951 0 3 0x4000080 lockf syz-executor 86626 119640 4000 0 3 0x82 nanoslp syz-executor 91250 507669 0 0 3 0x14200 acct acct 28949 378459 1 0 3 0x80 nanoslp init 56015 200404 4000 0 3 0x82 nanoslp syz-executor 94879 403190 4000 0 3 0x2 biowait syz-executor 85978 11208 0 0 3 0x14200 bored sosplice 11001 294767 4000 0 3 0x82 nanoslp syz-executor 44255 304952 4000 0 3 0x82 nanoslp syz-executor 6951 327020 4000 0 3 0x82 nanoslp syz-executor 79072 250635 4000 0 3 0x82 nanoslp syz-executor 81001 126250 4000 0 3 0x82 nanoslp syz-executor 4000 484680 84765 0 3 0x82 kqread syz-executor 84765 451958 14915 0 3 0x10008a sigsusp ksh 14915 471379 62148 0 3 0x98 kqread sshd-session 62148 411254 17054 0 3 0x92 kqread sshd-session 17054 33150 1 0 3 0x88 kqread sshd 75913 417676 56344 74 3 0x1100092 bpf pflogd 56344 58831 1 0 3 0x80 sbwait pflogd 22381 287515 81354 73 3 0x1100090 kqread syslogd 81354 363569 1 0 3 0x100082 sbwait syslogd 47155 188650 1 0 3 0x100080 kqread resolvd 3004 164707 53012 77 3 0x100092 kqread dhcpleased 40217 253922 53012 77 3 0x100092 kqread dhcpleased 53012 204760 1 0 3 0x80 kqread dhcpleased 88366 6475 0 0 3 0x14200 bored smr 10599 420412 0 0 2 0x14200 zerothread 12916 293952 0 0 3 0x14200 aiodoned aiodoned 96597 505357 0 0 3 0x14200 syncer update 25479 200653 0 0 3 0x14200 cleaner cleaner 70821 95890 0 0 3 0x14200 reaper reaper 18248 272873 0 0 3 0x14200 pgdaemon pagedaemon 96638 121342 0 0 3 0x14200 bored viomb 1651 449610 0 0 3 0x40014200 acpi0 acpi0 38546 73066 0 0 3 0x40014200 idle1 56854 285202 0 0 3 0x14200 bored softnet1 75309 225568 0 0 3 0x14200 bored softnet0 15065 101421 0 0 3 0x14200 smrbar systqmp 20486 427360 0 0 3 0x14200 bored systq 44111 75786 0 0 3 0x14200 tmoslp softclockmp 70020 295886 0 0 3 0x40014200 tmoslp softclock 80969 263829 0 0 3 0x40014200 idle0 1 152784 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 1508 (syz-executor) thread 0xffff8000fffee548 (356908) Process 35893 (syz-executor) thread 0xffff80003c45b4f8 (242692) Process 94879 (syz-executor) thread 0xffff8000307df778 (403190) Process 15065 (systqmp) thread 0xffff8000ffffea60 (101421) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10245 11061K 13111K 166960K 14451 0 pcb 17 18K 20K 166960K 504 0 rtable 182 14K 14K 166960K 690 0 pf 35 17K 67486K 166960K 296 0 ifaddr 26 4K 8K 166960K 174 0 ifgroup 51 2K 2K 166960K 317 0 sysctl 4 1K 9K 166960K 29 0 counters 66 36K 38K 166960K 350 0 ioctlops 0 0K 4K 166960K 2010 0 iov 0 0K 24K 166960K 184 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1583 99K 100K 166960K 3769 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 616K 624K 166960K 32 0 VM map 2 1K 1K 166960K 2 0 sem 14 640K 640K 166960K 115 0 dirhash 15 2K 3K 166960K 69 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 89K 166960K 2367 0 sigio 2 0K 0K 166960K 47 0 proc 63 99K 147K 166960K 927 0 subproc 72 4K 4K 166960K 127 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 343 0 in_multi 36 2K 7K 166960K 248 0 ether_multi 1 0K 0K 166960K 18 0 mrt 0 0K 0K 166960K 21 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 295 1314K 1314K 166960K 295 0 exec 0 0K 1K 166960K 947 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 252 164K 188K 166960K 22803 0 UVM aobj 120 5K 5K 166960K 126 0 pinsyscall 41 82K 102K 166960K 3661 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 133 0 NDP 11 0K 2K 166960K 132 0 temp 78 8656K 8911K 166960K 133821 0 kqueue 14 22K 33K 166960K 513 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 361 0 358 3 2 1 3 0 8 0 rtentry 176 205 0 154 5 0 5 5 0 8 0 unpcb 144 1769 0 1751 14 13 1 6 0 8 0 syncache 336 13 0 13 4 4 0 1 0 8 0 tcpqe 32 5 0 5 2 2 0 1 0 8 0 tcpcb 736 873 0 864 13 11 2 7 0 8 0 arp 136 28 0 19 1 0 1 1 0 8 0 inpcb 328 2839 0 2822 26 24 2 13 0 8 0 nd6 152 34 0 26 1 0 1 1 0 8 0 pkpcb 40 47 0 47 3 3 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 112 0 112 3 2 1 1 0 8 1 pppxif 1504 11 0 11 4 4 0 1 0 8 0 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pffrag 232 50 0 44 1 0 1 1 0 482 0 pffrnode 88 46 0 40 1 0 1 1 0 8 0 pffrent 40 105 0 99 1 0 1 1 0 8 0 pfosfp 40 1430 0 1006 5 0 5 5 0 8 0 pfosfpen 112 1430 0 715 21 0 21 21 0 8 0 pfanchor 1288 2 0 2 1 1 0 1 0 8 0 pftag 88 3 0 2 1 0 1 1 0 8 0 pfstitem 24 114 0 44 1 0 1 1 0 8 0 pfstkey 128 122 0 52 3 0 3 3 0 8 0 pfstate 384 117 0 48 8 0 8 8 0 8 0 pfrule 1344 29 0 24 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 941 0 711 30 12 18 29 0 8 0 art_table 40 946 0 711 5 0 5 5 0 8 0 art_node 32 204 0 164 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 10 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 106 0 95 1 0 1 1 0 8 0 shmpl 112 123 0 6 4 0 4 4 0 8 0 dirhash 1024 55 0 36 3 0 3 3 0 8 0 dino2pl 256 6277 0 4763 95 0 95 95 0 8 0 ffsino 296 6277 0 4763 117 0 117 117 0 8 0 nchpl 144 9569 0 7858 64 0 64 64 0 8 0 rtmask 32 23 0 23 6 5 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 35276 0 35275 5 4 1 2 0 8 0 percpumem 16 190 0 142 1 0 1 1 0 8 0 kstatmem 264 214 0 186 5 2 3 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 40 0 40 3 2 1 1 0 8 1 scxspl 216 75783 0 75781 14 12 2 8 1 8 1 plimitpl 152 841 0 822 1 0 1 1 0 8 0 sigapl 424 2693 0 2644 8 1 7 8 0 8 0 knotepl 120 586 0 0 18 0 18 18 0 8 0 kqueuepl 224 1274 0 1263 10 9 1 5 0 8 0 pipepl 344 339 0 310 6 3 3 4 0 8 0 fdescpl 528 2649 0 2618 3 0 3 3 0 8 0 filepl 160 20099 0 19871 37 24 13 19 0 8 2 lockfpl 104 1178 0 1170 4 3 1 2 0 8 0 lockfspl 48 366 0 361 1 0 1 1 0 8 0 sessionpl 144 38 0 30 1 0 1 1 0 8 0 pgrppl 48 74 0 58 1 0 1 1 0 8 0 ucredpl 104 3625 0 3612 1 0 1 1 0 8 0 zombiepl 144 2679 0 2679 1 0 1 1 0 8 1 processpl 1232 2693 0 2644 6 1 5 6 0 8 0 procpl 664 6355 0 6290 8 2 6 8 0 8 0 sosppl 168 16 0 16 4 4 0 1 0 8 0 sockpl 752 5109 0 5071 50 44 6 18 0 8 0 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 111 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 57 0 0 8 0 8 8 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 249 0 0 16 0 16 16 0 8 0 bufpl 280 31600 0 25457 440 0 440 440 0 8 0 anonpl 32 15103 0 0 122 0 122 122 0 246 0 amapchunkpl 152 81610 0 81010 71 37 34 36 0 158 8 amappl16 200 10860 0 10818 85 67 18 31 0 8 6 amappl15 192 2 0 2 1 1 0 1 0 8 0 amappl14 184 149 0 138 1 0 1 1 0 8 0 amappl13 176 7 0 7 2 2 0 1 0 8 0 amappl12 168 3398 0 3368 3 1 2 2 0 8 0 amappl11 160 55 0 40 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 251 0 251 1 1 0 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 136 0 124 1 0 1 1 0 8 0 amappl6 120 252 0 247 1 0 1 1 0 8 0 amappl5 112 156 0 144 1 0 1 1 0 8 0 amappl4 104 349 0 328 1 0 1 1 0 8 0 amappl3 96 13981 0 13881 3 0 3 3 0 8 0 amappl2 88 2979 0 2899 3 1 2 3 0 8 0 amappl1 80 19751 0 19175 16 1 15 15 0 8 0 amappl 88 21554 0 21372 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 283 0 283 5 4 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 125 0 6 3 0 3 3 0 8 0 uaddrrnd 24 2649 0 2618 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2649 0 2618 1 0 1 1 0 8 0 vmmpekpl 168 21424 0 21373 3 0 3 3 0 8 0 vmmpepl 168 173841 0 171832 130 27 103 115 0 357 0 vmsppl 488 2648 0 2618 7 2 5 5 0 8 0 rwobjpl 80 53109 0 46122 151 1 150 150 0 8 0 pdppl 4096 5306 0 5236 128 54 74 84 0 8 4 pvpl 32 25193 0 0 204 1 203 203 0 265 0 pmappl 256 2648 0 2618 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 337 0 92 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff837eaff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83936bc8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83936bc8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 intr_handler(ffff8000357f37e0,ffff800000079a80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff83936bc8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83936bc8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc syscall(ffff8000357f3b50) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff8000357f3b50) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x711648382b40, count: -13 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> trace sys_semop(ffff8000fffee548,ffff80003c405020,ffff80003c404f70) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c405020) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c405020) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21739166ca0, count: -3