panic: pool_do_get: shmpl free list modified: page 0xfffffd8060667000; item addr 0xfffffd80606674d0; offset 0x2c=0xdeaf4151 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *426851 24851 0 0 0x4000000 0K syz-executor 446137 86314 0 0x2 0x1 1 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83067bbb) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83632e40,1,ffff80003722cf78) at pool_do_get+0x5e6 pool_get(ffffffff83632e40,1) at pool_get+0x141 shmget_allocate_segment(ffff8000ffff6a40,ffff80003722d1d0,0,ffff80003722d120) at shmget_allocate_segment+0x1a7 sys_shmget(ffff8000ffff6a40,ffff80003722d1d0,ffff80003722d120) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff80003722d1d0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003722d1d0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb6b1cbdba0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: pool_do_get: shmpl free list modified: page 0xfffffd8060667000; item addr 0xfffffd80606674d0; offset 0x2c=0xdeaf4151 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83067bbb) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83632e40,1,ffff80003722cf78) at pool_do_get+0x5e6 pool_get(ffffffff83632e40,1) at pool_get+0x141 shmget_allocate_segment(ffff8000ffff6a40,ffff80003722d1d0,0,ffff80003722d120) at shmget_allocate_segment+0x1a7 sys_shmget(ffff8000ffff6a40,ffff80003722d1d0,ffff80003722d120) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff80003722d1d0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003722d1d0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb6b1cbdba0, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003722cdc0 rbx 0xffffffff8345cdbf cpu_info_full_primary+0x2dbf rdx 0xffff800001295380 rcx 0xffff8000ffff6a40 rax 0xffffffff8345bff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x2d71c9adab2c8494 r11 0xa7d58087bfe08a4e r12 0xffffffff8345cbc0 cpu_info_full_primary+0x2bc0 r13 0 r14 0 r15 0x1 rip 0xffffffff8213f205 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003722cdb0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=426851 pid=24851 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff7460,0xffff8000367987d0 process=0xffff8000371c9240 user=0xffff800037228000, vmspace=0xfffffd806c4071d0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 92785 73863 18366 0 2 0 syz-executor 92785 327816 18366 0 3 0x4000080 fsleep syz-executor 92785 201661 18366 0 3 0x4000080 fsleep syz-executor 92785 103133 18366 0 3 0x4000080 fsleep syz-executor 24851 251929 32442 0 2 0 syz-executor *24851 426851 32442 0 7 0x4000000 syz-executor 5418 302850 69468 0 2 0x10 syz-executor 5418 315230 69468 0 3 0x4000090 fsleep syz-executor 5418 339971 69468 0 2 0x4000010 syz-executor 6991 90759 14665 0 3 0x80 nanoslp syz-executor 6991 388214 14665 0 3 0x4000080 kqpoll syz-executor 6991 499295 14665 0 3 0x4000080 fsleep syz-executor 36173 105425 45281 0 2 0 syz-executor 36173 519090 45281 0 3 0x4000000 smrbar syz-executor 36173 470154 45281 0 3 0x4000080 fsleep syz-executor 32613 40558 63717 0 2 0 syz-executor 32613 152088 63717 0 3 0x4000080 kqsel syz-executor 32613 282631 63717 0 3 0x4000080 kqsel syz-executor 32613 192267 63717 0 3 0x4000080 fsleep syz-executor 55619 15911 24370 0 3 0x3000 suspend syz-executor 55619 32925 24370 0 3 0x4081000 biowait syz-executor 55619 70279 24370 0 3 0x4081000 inode syz-executor 55619 376062 24370 0 3 0x4081000 inode syz-executor 19199 24438 0 0 3 0x14200 acct acct 63717 217328 5946 0 2 0x2 syz-executor 32442 417573 5946 0 3 0x82 nanoslp syz-executor 86314 446137 5946 0 7 0x3 syz-executor 18366 125401 5946 0 3 0x82 nanoslp syz-executor 24370 183337 5946 0 3 0x82 wait syz-executor 69468 420412 5946 0 3 0x82 nanoslp syz-executor 45281 298178 5946 0 3 0x82 nanoslp syz-executor 14665 432079 5946 0 3 0x82 nanoslp syz-executor 27733 273652 1 0 3 0x100083 ttyin getty 54067 441378 0 0 3 0x14200 bored sosplice 5946 424367 97703 0 2 0x82 syz-executor 97703 318566 67558 0 3 0x10008a sigsusp ksh 67558 406231 60165 0 3 0x98 kqread sshd-session 60165 373267 4062 0 3 0x92 kqread sshd-session 4062 387377 1 0 3 0x88 kqread sshd 14302 482701 35117 74 3 0x1100092 bpf pflogd 35117 11996 1 0 3 0x80 sbwait pflogd 50227 378389 15785 73 3 0x1100090 kqread syslogd 15785 161599 1 0 3 0x100082 sbwait syslogd 46429 400552 1 0 3 0x100080 kqread resolvd 33951 110323 12796 77 3 0x100092 kqread dhcpleased 46237 336842 12796 77 3 0x100092 kqread dhcpleased 12796 191423 1 0 3 0x80 kqread dhcpleased 23156 265263 0 0 3 0x14200 bored smr 21824 410738 0 0 2 0x14200 zerothread 1374 99691 0 0 3 0x14200 aiodoned aiodoned 65147 453606 0 0 3 0x14200 syncer update 52895 185668 0 0 3 0x14200 cleaner cleaner 15332 456980 0 0 3 0x14200 reaper reaper 32007 404811 0 0 3 0x14200 pgdaemon pagedaemon 60907 486916 0 0 3 0x14200 bored viomb 3084 176464 0 0 3 0x40014200 acpi0 acpi0 49609 36687 0 0 3 0x40014200 idle1 9896 487248 0 0 3 0x14200 bored softnet3 75324 493094 0 0 3 0x14200 bored softnet2 18036 433083 0 0 3 0x14200 bored softnet1 12179 511228 0 0 3 0x14200 bored softnet0 60636 73634 0 0 3 0x14200 bored systqmp 52083 63751 0 0 3 0x14200 bored systq 68051 223583 0 0 3 0x14200 tmoslp softclockmp 50488 219105 0 0 3 0x40014200 tmoslp softclock 38363 138634 0 0 3 0x40014200 idle0 1 80040 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex shmpl r = 0 (0xffffffff83632e50) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pool_get+0x103 sys/kern/subr_pool.c:579 #4 shmget_allocate_segment+0x1a7 #5 sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 #6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 CPU 1: exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_malloc.c:91 r = 0 (0xffffffff83498028) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 malloc+0x2f9 sys/kern/kern_malloc.c:195 #4 dofilewritev+0x1dc #5 sys_write+0xa2 sys/kern/sys_generic.c:300 #6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 24851 (syz-executor) thread 0xffff8000ffff6a40 (426851) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83504418) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #1 syscall+0xad6 sys/arch/amd64/amd64/trap.c:577 #2 Xsyscall+0x128 exclusive mutex shmpl r = 0 (0xffffffff83632e50) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pool_get+0x103 sys/kern/subr_pool.c:579 #4 shmget_allocate_segment+0x1a7 #5 sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 #6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 36173 (syz-executor) thread 0xffff800036798a48 (519090) exclusive rwlock clonelk r = 0 (0xffffffff8349f590) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 if_clone_destroy+0x67 #2 ifioctl+0x5c5 #3 sys_ioctl+0x67c #4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 Process 55619 (syz-executor) thread 0xffff8000367982b0 (32925) exclusive rrwlock inode r = 0 (0xfffffd807c5da4d8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vn_write+0x18d sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x23c sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 55619 (syz-executor) thread 0xffff800036799468 (70279) exclusive rrwlock inode r = 0 (0xfffffd80623180a8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domknodat+0xb4 sys/kern/vfs_syscalls.c:1576 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10229 11202K 11514K 166960K 11766 0 pcb 17 15K 16K 166960K 181 0 rtable 200 6K 7K 166960K 932 0 pf 36 18K 20K 166960K 105 0 ifaddr 41 7K 7K 166960K 126 0 ifgroup 55 2K 2K 166960K 147 0 sysctl 2 0K 0K 166960K 2 0 counters 64 36K 37K 166960K 112 0 ioctlops 0 0K 4K 166960K 1558 0 iov 0 0K 16K 166960K 78 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1426 90K 90K 166960K 2006 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 13 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 94 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 89K 166960K 909 0 sigio 0 0K 0K 166960K 12 0 proc 73 91K 128K 166960K 1045 0 subproc 104 6K 6K 166960K 312 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 122 0 in_multi 94 6K 7K 166960K 302 0 ether_multi 1 0K 0K 166960K 9 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 700 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 251 73K 77K 166960K 9195 0 UVM aobj 22 4K 4K 166960K 24 0 pinsyscall 42 84K 102K 166960K 2443 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 28 0 NDP 12 0K 2K 166960K 86 0 temp 70 6821K 6886K 166960K 44641 0 kqueue 16 26K 28K 166960K 113 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 103 0 99 1 0 1 1 0 8 0 rtentry 112 320 0 229 4 1 3 4 0 8 0 unpcb 144 793 0 774 12 6 6 6 0 8 5 syncache 336 11 0 11 2 1 1 1 0 8 1 tcpcb 808 221 0 206 5 3 2 5 0 8 0 arp 120 57 0 41 1 0 1 1 0 8 0 inpcb 336 838 0 817 13 5 8 8 0 8 5 nd6 136 80 0 56 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 2 0 1 0 8 0 kcovpl 48 24 0 16 1 0 1 1 0 8 0 ppxss 1168 3 0 3 1 1 0 1 0 8 0 pffrag 232 5 0 0 1 0 1 1 0 482 0 pffrnode 88 5 0 0 1 0 1 1 0 8 0 pffrent 40 6 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 96 0 33 1 0 1 1 0 8 0 pfstkey 128 112 0 49 3 0 3 3 0 8 0 pfstate 376 104 0 41 7 0 7 7 0 8 0 pfrule 1344 22 0 16 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1300 0 857 34 5 29 29 0 8 0 art_table 32 1301 0 857 4 0 4 4 0 8 0 art_node 16 318 0 237 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 5 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 90 0 80 1 0 1 1 0 8 0 shmpl 112 21 0 2 1 0 1 1 0 8 0 pool(0xffffffff83632e40:shmpl): page inconsistency: page 0xfffffd8060667000; 15 on list, 19 missing, 35 items per page dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2620 0 1085 97 0 97 97 0 8 0 ffsino 272 2620 0 1085 103 0 103 103 0 8 0 nchpl 144 3595 0 1887 64 0 64 64 0 8 0 uvmvnodes 80 3152 0 0 65 0 65 65 0 8 0 vnodes 216 3152 0 0 176 0 176 176 0 8 0 namei 1024 13280 0 13278 3 2 1 2 0 8 0 percpumem 16 70 0 24 1 0 1 1 0 8 0 kstatmem 264 72 0 48 3 1 2 3 0 8 0 scsiplug 72 2 0 2 2 1 1 1 0 8 1 scxspl 216 19113 0 19112 10 9 1 8 1 8 0 plimitpl 152 184 0 164 1 0 1 1 0 8 0 sigapl 424 1188 0 1137 9 3 6 7 0 8 0 futexpl 64 8297 0 8290 3 2 1 1 0 8 0 knotepl 120 579 0 0 17 0 17 17 0 8 0 kqueuepl 216 166 0 152 1 0 1 1 0 8 0 pipepl 320 213 0 184 3 0 3 3 0 8 0 fdescpl 496 1168 0 1137 6 1 5 5 0 8 0 filepl 152 6222 0 5955 24 8 16 16 0 8 4 lockfpl 104 230 0 226 1 0 1 1 0 8 0 lockfspl 48 96 0 92 1 0 1 1 0 8 0 sessionpl 144 46 0 37 1 0 1 1 0 8 0 pgrppl 48 81 0 64 1 0 1 1 0 8 0 ucredpl 104 925 0 911 1 0 1 1 0 8 0 zombiepl 144 1138 0 1137 1 0 1 1 0 8 0 processpl 1160 1188 0 1137 5 1 4 5 0 8 0 procpl 648 2128 0 2061 7 1 6 6 0 8 0 srpgc 96 2 0 2 1 0 1 1 0 8 1 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 664 1747 0 1702 27 14 13 16 0 8 8 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 132 0 0 17 0 17 17 0 8 0 mcl2k 2048 29 0 0 4 0 4 4 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 378 0 0 23 0 23 23 0 8 0 bufpl 280 7190 0 1016 442 0 442 442 0 8 0 anonpl 24 211119 0 205119 79 7 72 72 0 185 27 amapchunkpl 152 29189 0 28641 34 3 31 31 0 158 8 amappl16 200 4780 0 4606 55 26 29 29 0 8 18 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 161 0 149 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 2075 0 2044 3 1 2 2 0 8 0 amappl11 160 49 0 34 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 135 0 135 1 1 0 1 0 8 0 amappl8 136 115 0 113 1 0 1 1 0 8 0 amappl7 128 159 0 147 1 0 1 1 0 8 0 amappl6 120 325 0 323 1 0 1 1 0 8 0 amappl5 112 204 0 192 1 0 1 1 0 8 0 amappl4 104 389 0 370 1 0 1 1 0 8 0 amappl3 96 5938 0 5816 5 1 4 4 0 8 0 amappl2 88 1038 0 968 2 0 2 2 0 8 0 amappl1 80 12722 0 12156 17 3 14 16 0 8 0 amappl 88 8608 0 8418 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 23 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1168 0 1137 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1168 0 1137 1 0 1 1 0 8 0 vmmpekpl 168 11000 0 10963 3 0 3 3 0 8 0 vmmpepl 168 80761 0 78723 115 12 103 103 0 357 9 vmsppl 440 1167 0 1137 6 2 4 5 0 8 0 rwobjpl 56 29154 0 24876 67 2 65 65 0 8 3 pdppl 4096 2343 0 2274 121 50 71 85 0 8 2 pvpl 32 28678 0 0 232 0 232 232 0 265 0 pmappl 248 1167 0 1137 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 432 0 69 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff83067bbb) at panic+0x1e5 sys/kern/subr_prf.c:198 pool_do_get(ffffffff83632e40,1,ffff80003722cf78) at pool_do_get+0x5e6 pool_get(ffffffff83632e40,1) at pool_get+0x141 shmget_allocate_segment(ffff8000ffff6a40,ffff80003722d1d0,0,ffff80003722d120) at shmget_allocate_segment+0x1a7 sys_shmget(ffff8000ffff6a40,ffff80003722d1d0,ffff80003722d120) at sys_shmget+0x1b2 sys/kern/sysv_shm.c:480 syscall(ffff80003722d1d0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003722d1d0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb6b1cbdba0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:154 ktrgenio(ffff8000371c6cd8,f8,1,ffff800000b441e0,4) at ktrgenio+0x238 sys/kern/kern_ktrace.c:258 dofilewritev(ffff8000371c6cd8,f8,ffff8000371ddd38,0,ffff8000371dddf0) at dofilewritev+0x4f3 sys/kern/sys_generic.c:401 sys_write(ffff8000371c6cd8,ffff8000371ddea0,ffff8000371dddf0) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff8000371ddea0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371ddea0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7164a1248e60, count: 6 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:154 ktrgenio(ffff8000371c6cd8,f8,1,ffff800000b441e0,4) at ktrgenio+0x238 sys/kern/kern_ktrace.c:258 dofilewritev(ffff8000371c6cd8,f8,ffff8000371ddd38,0,ffff8000371dddf0) at dofilewritev+0x4f3 sys/kern/sys_generic.c:401 sys_write(ffff8000371c6cd8,ffff8000371ddea0,ffff8000371dddf0) at sys_write+0xa2 sys/kern/sys_generic.c:300 syscall(ffff8000371ddea0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371ddea0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7164a1248e60, count: -9