kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff8000fffe9790,ffff80003c00e0f0,ffff80003c00e040) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c00e0f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c00e0f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95c85db39e0, count: -3 ddb{1}> show registers rdi 0 rsi 0x6966 __ALIGN_SIZE+0x5966 rbp 0xffff80003c00e010 rbx 0xdeaf4152deb1777a rdx 0 rcx 0xffff8000fffe9790 rax 0xffff8000299edff0 r8 0x7f7fffffc000 r9 0x1 r10 0xe7cd509028e3be8d r11 0xa0d2f5674481bb17 r12 0x6966 __ALIGN_SIZE+0x5966 r13 0xfffffd8069def8c0 r14 0xffff80003c00e0f0 r15 0x6966 __ALIGN_SIZE+0x5966 rip 0xffffffff81156e32 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c00df20 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> show proc PROC (syz-executor) tid=203909 pid=75790 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe9cc0,0xffff8000fffe8aa8 process=0xffff8000fffe5d00 user=0xffff80003c009000, vmspace=0xfffffd806e3ba3e0 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 83911 252142 69909 0 7 0 syz-executor 83911 31356 69909 0 2 0x4000000 syz-executor 49589 302310 63304 0 2 0 syz-executor 49589 355277 63304 0 3 0x4000080 fifow syz-executor 49589 414161 63304 0 3 0x4000080 fsleep syz-executor 59485 98907 14477 0 2 0 syz-executor 59485 126621 14477 0 3 0x4000080 fifor syz-executor 59485 361289 14477 0 3 0x4000080 fsleep syz-executor 59485 90400 14477 0 3 0x4000080 fsleep syz-executor 75790 492516 75832 0 2 0 syz-executor *75790 203909 75832 0 7 0x4000000 syz-executor 75790 287068 75832 0 3 0x4000080 fsleep syz-executor 75790 401259 75832 0 3 0x4000080 fsleep syz-executor 92725 198459 26322 0 3 0x80 nanoslp syz-executor 92725 489954 26322 0 3 0x4000080 fsleep syz-executor 92725 344659 26322 0 3 0x4000080 fsleep syz-executor 61001 37946 0 0 3 0x14200 acct acct 14477 338617 85249 0 3 0x82 nanoslp syz-executor 72141 25158 1 0 3 0x100083 ttyin getty 75832 175095 85249 0 3 0x82 nanoslp syz-executor 62238 331098 85249 0 3 0x82 wait syz-executor 69909 508254 85249 0 3 0x82 nanoslp syz-executor 90201 31102 85249 0 3 0x82 nanoslp syz-executor 63304 470655 85249 0 3 0x82 nanoslp syz-executor 14600 156158 85249 0 3 0x82 wait syz-executor 26322 123402 85249 0 3 0x82 nanoslp syz-executor 85249 430810 95381 0 3 0x82 kqread syz-executor 95381 421425 31093 0 3 0x10008a sigsusp ksh 31093 345636 74683 0 3 0x98 kqread sshd-session 74683 108114 1415 0 3 0x92 kqread sshd-session 1415 106397 1 0 3 0x88 kqread sshd 63378 34475 76624 74 3 0x1100092 bpf pflogd 76624 284101 1 0 3 0x80 sbwait pflogd 27574 36001 17695 73 3 0x1100090 kqread syslogd 17695 183139 1 0 3 0x100082 sbwait syslogd 10178 34753 1 0 3 0x100080 kqread resolvd 12994 88576 29708 77 3 0x100092 kqread dhcpleased 68945 274210 29708 77 3 0x100092 kqread dhcpleased 29708 505419 1 0 3 0x80 kqread dhcpleased 41797 478351 0 0 3 0x14200 bored smr 11193 14641 0 0 3 0x14200 pgzero zerothread 73685 213070 0 0 3 0x14200 aiodoned aiodoned 8173 296922 0 0 3 0x14200 syncer update 76054 202120 0 0 3 0x14200 cleaner cleaner 20012 364007 0 0 3 0x14200 reaper reaper 37411 172972 0 0 3 0x14200 pgdaemon pagedaemon 28124 328244 0 0 3 0x14200 bored viomb 73908 312732 0 0 3 0x40014200 acpi0 acpi0 2304 55689 0 0 3 0x40014200 idle1 81756 418550 0 0 3 0x14200 bored softnet1 22675 305020 0 0 3 0x14200 bored softnet0 86819 376747 0 0 3 0x14200 bored systqmp 27704 251310 0 0 3 0x14200 bored systq 94800 300435 0 0 3 0x14200 tmoslp softclockmp 44862 458469 0 0 3 0x40014200 tmoslp softclock 37157 100801 0 0 3 0x40014200 idle0 1 85657 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 83911 (syz-executor) thread 0xffff800034fe6fc0 (31356) exclusive rwlock vmmaplk r = 0 (0xfffffd8069cb78d0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1902 #3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:699 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:633 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #6 usertrap+0x42f sys/arch/amd64/amd64/trap.c:622 #7 recall_trap+0x8 Process 75790 (syz-executor) thread 0xffff8000fffe9790 (203909) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838e3758) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 #5 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 11031K 11424K 166960K 12566 0 pcb 17 14K 15K 166960K 322 0 rtable 189 9K 9K 166960K 585 0 pf 35 17K 81K 166960K 142 0 ifaddr 34 5K 8K 166960K 106 0 ifgroup 51 2K 2K 166960K 182 0 sysctl 4 1K 9K 166960K 18 0 counters 66 36K 37K 166960K 314 0 ioctlops 0 0K 4K 166960K 1845 0 iov 0 0K 16K 166960K 55 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1367 86K 86K 166960K 2203 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 25 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 66 0 dirhash 12 2K 2K 166960K 42 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1347 0 sigio 0 0K 0K 166960K 19 0 proc 72 115K 147K 166960K 754 0 subproc 72 4K 4K 166960K 91 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 115 0 in_multi 66 4K 7K 166960K 165 0 ether_multi 1 0K 0K 166960K 12 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 664 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 270 165K 186K 166960K 13979 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 43 86K 109K 166960K 2520 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 110 0 NDP 11 0K 2K 166960K 72 0 temp 78 8660K 8730K 166960K 65380 0 kqueue 15 24K 30K 166960K 259 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 264 0 261 5 4 1 3 0 8 0 rtentry 176 161 0 89 6 0 6 6 0 8 0 unpcb 144 840 0 813 6 5 1 4 0 8 0 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpcb 736 462 0 458 13 7 6 7 0 8 5 arp 136 28 0 15 1 0 1 1 0 8 0 inpcb 328 1501 0 1493 22 15 7 12 0 8 5 nd6 152 34 0 17 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 2 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 106 0 106 4 3 1 1 0 8 1 pppxif 1504 6 0 6 2 2 0 1 0 8 0 pfstscr 40 6 0 5 1 0 1 1 0 8 0 pffrag 232 10 0 2 1 0 1 1 0 482 0 pffrnode 88 10 0 2 1 0 1 1 0 8 0 pffrent 40 12 0 4 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 79 0 28 1 0 1 1 0 8 0 pfstkey 128 88 0 38 2 0 2 2 0 8 0 pfstate 384 86 0 36 6 0 6 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 682 0 387 33 11 22 31 0 8 2 art_table 40 686 0 387 5 0 5 5 0 8 0 art_node 32 159 0 95 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semapl 112 61 0 52 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 37 0 20 3 0 3 3 0 8 0 dino2pl 256 3856 0 2341 96 0 96 96 0 8 0 ffsino 296 3856 0 2341 118 1 117 118 0 8 0 nchpl 144 5650 0 3937 64 0 64 64 0 8 0 rtmask 32 6 0 6 4 3 1 1 0 8 1 vnodes 216 4302 0 0 239 0 239 239 0 8 0 namei 1024 20262 0 20262 5 4 1 2 0 8 1 percpumem 16 172 0 124 1 0 1 1 0 8 0 kstatmem 264 108 0 82 5 3 2 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 7 0 7 5 5 0 1 0 8 0 scxspl 216 29526 0 29526 13 11 2 8 1 8 2 plimitpl 152 691 0 673 1 0 1 1 0 8 0 sigapl 424 1631 0 1582 7 1 6 7 0 8 0 knotepl 120 508 0 0 15 0 15 15 0 8 0 kqueuepl 224 413 0 402 3 1 2 2 0 8 1 pipepl 344 333 0 306 9 6 3 9 0 8 0 fdescpl 528 1614 0 1582 3 0 3 3 0 8 0 filepl 160 10522 0 10291 25 12 13 16 0 8 1 lockfpl 104 361 0 358 1 0 1 1 0 8 0 lockfspl 48 147 0 144 1 0 1 1 0 8 0 sessionpl 144 29 0 20 1 0 1 1 0 8 0 pgrppl 48 179 0 162 1 0 1 1 0 8 0 ucredpl 104 1671 0 1656 1 0 1 1 0 8 0 zombiepl 144 2153 0 2150 2 1 1 1 0 8 0 processpl 1232 1631 0 1582 5 0 5 5 0 8 0 procpl 664 3627 0 3567 8 2 6 6 0 8 0 sosppl 176 10 0 10 4 4 0 1 0 8 0 sockpl 752 2634 0 2596 34 23 11 16 0 8 7 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 49 0 0 5 0 5 5 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 1177 0 0 72 0 72 72 0 8 0 bufpl 280 12008 0 5871 439 0 439 439 0 8 0 anonpl 32 11694 0 0 94 0 94 94 0 246 0 amapchunkpl 152 49474 0 48809 57 24 33 33 0 158 5 amappl16 200 6036 0 5847 39 22 17 22 0 8 4 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 8 0 8 1 1 0 1 0 8 0 amappl13 176 448 0 447 1 0 1 1 0 8 0 amappl12 168 1996 0 1953 3 0 3 3 0 8 0 amappl11 160 18 0 17 1 0 1 1 0 8 0 amappl10 152 56 0 42 1 0 1 1 0 8 0 amappl9 144 254 0 254 1 1 0 1 0 8 0 amappl8 136 41 0 38 1 0 1 1 0 8 0 amappl7 128 88 0 86 1 0 1 1 0 8 0 amappl6 120 310 0 296 1 0 1 1 0 8 0 amappl5 112 92 0 80 1 0 1 1 0 8 0 amappl4 104 453 0 422 2 1 1 2 0 8 0 amappl3 96 8238 0 8137 4 1 3 3 0 8 0 amappl2 88 1758 0 1678 2 0 2 2 0 8 0 amappl1 80 15148 0 14548 16 2 14 15 0 8 0 amappl 88 13017 0 12826 5 0 5 5 0 92 0 uvmvnodes 80 4302 0 0 88 0 88 88 0 8 0 dma65536 65536 2 0 2 1 1 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 4 4 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1614 0 1582 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1614 0 1582 1 0 1 1 0 8 0 vmmpekpl 168 14708 0 14667 3 0 3 3 0 8 0 vmmpepl 168 109311 0 107123 127 23 104 105 0 357 7 vmsppl 488 1613 0 1582 7 2 5 5 0 8 0 rwobjpl 80 35406 0 29977 116 5 111 111 0 8 0 pdppl 4096 3236 0 3164 118 46 72 86 0 8 0 pvpl 32 19598 0 0 159 1 158 158 0 265 0 pmappl 256 1613 0 1582 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 379 0 76 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff837dbff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7e54ece480d0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> trace sys_semop(ffff8000fffe9790,ffff80003c00e0f0,ffff80003c00e040) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c00e0f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c00e0f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95c85db39e0, count: -3