kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff80003881fa18,ffff80003c4fd0f0,ffff80003c4fd040) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c4fd0f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4fd0f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f4dff5f1a0, count: -3 ddb{1}> show registers rdi 0 rsi 0xb rbp 0xffff80003c4fd010 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff80003881fa18 rax 0xffff8000299edff0 r8 0x7f7fffffc000 r9 0x1 r10 0x63dc3223a00674df r11 0x1e05d592c423b8a0 r12 0xb r13 0xfffffd80641a0ee0 r14 0xffff80003c4fd0f0 r15 0xb rip 0xffffffff82cd6df2 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c4fcf20 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> show proc PROC (syz-executor) tid=3224 pid=64305 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=78, usrpri=78, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003881f780,0xffff80003881ed30 process=0xffff800038825360 user=0xffff80003c4f8000, vmspace=0xfffffd806b8d7d70 estcpu=28, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 41114 482447 43919 0 2 0 syz-executor 41114 309278 43919 0 3 0x4000080 fsleep syz-executor 49965 208311 29642 0 2 0 syz-executor 49965 351064 29642 0 3 0x4000080 fsleep syz-executor 99899 152798 1931 0 2 0 syz-executor 99899 168410 1931 0 3 0x4000080 fsleep syz-executor 40846 59991 5547 0 2 0 syz-executor 40846 20707 5547 0 3 0x4000080 fsleep syz-executor 64305 440616 25185 0 2 0 syz-executor *64305 3224 25185 0 7 0x4000000 syz-executor 64305 115164 25185 0 3 0x4000080 fsleep syz-executor 45633 423848 11146 0 3 0x80 nanoslp syz-executor 45633 309514 11146 0 3 0x4000080 fsleep syz-executor 45633 105536 11146 0 2 0x4000000 syz-executor 45633 438419 11146 0 3 0x4000080 fsleep syz-executor 1931 54019 66100 0 3 0x82 nanoslp syz-executor 55048 292103 0 0 3 0x14200 acct acct 70310 205694 0 0 3 0x14200 bored sosplice 76635 440445 0 0 3 0x14280 nfsidl nfsio 89388 214314 0 0 3 0x14280 nfsidl nfsio 50198 381830 0 0 3 0x14280 nfsidl nfsio 56642 357949 0 0 3 0x14280 nfsidl nfsio 40352 222626 0 0 3 0x14280 nfsidl nfsio 66638 303122 0 0 3 0x14280 nfsidl nfsio 70593 372349 0 0 3 0x14280 nfsidl nfsio 32034 176825 0 0 3 0x14280 nfsidl nfsio 3568 351172 0 0 3 0x14280 nfsidl nfsio 20651 325900 0 0 3 0x14280 nfsidl nfsio 73291 309290 0 0 3 0x14280 nfsidl nfsio 99523 518956 0 0 3 0x14280 nfsidl nfsio 21074 165100 0 0 3 0x14280 nfsidl nfsio 20652 45882 0 0 3 0x14280 nfsidl nfsio 97439 461323 0 0 3 0x14280 nfsidl nfsio 88682 72068 0 0 3 0x14280 nfsidl nfsio 27116 498917 0 0 3 0x14280 nfsidl nfsio 61637 135123 0 0 3 0x14280 nfsidl nfsio 7497 341583 0 0 3 0x14280 nfsidl nfsio 52770 32261 0 0 3 0x14280 nfsidl nfsio 3280 358612 66100 0 3 0x82 nanoslp syz-executor 11146 394656 66100 0 3 0x82 nanoslp syz-executor 43919 58907 66100 0 3 0x82 nanoslp syz-executor 25185 293477 66100 0 3 0x82 nanoslp syz-executor 11530 152422 66100 0 3 0x2 biowait syz-executor 5547 408796 66100 0 3 0x82 nanoslp syz-executor 29642 305347 66100 0 3 0x82 nanoslp syz-executor 66100 242716 56517 0 3 0x82 kqread syz-executor 56517 513233 81096 0 3 0x10008a sigsusp ksh 81096 139370 65375 0 3 0x98 kqread sshd-session 65375 466 4203 0 3 0x92 kqread sshd-session 15543 514204 1 0 3 0x100083 ttyopn getty 4203 261799 1 0 3 0x88 kqread sshd 38267 398691 83787 74 3 0x1100092 bpf pflogd 83787 269160 1 0 3 0x80 sbwait pflogd 26637 439160 42661 73 3 0x1100090 kqread syslogd 42661 357997 1 0 3 0x100082 sbwait syslogd 91351 222929 1 0 3 0x100080 kqread resolvd 19153 444524 87255 77 3 0x100092 kqread dhcpleased 27071 372578 87255 77 3 0x100092 kqread dhcpleased 87255 290739 1 0 3 0x80 kqread dhcpleased 25996 318724 0 0 3 0x14200 bored smr 59719 392781 0 0 2 0x14200 zerothread 38543 93151 0 0 3 0x14200 aiodoned aiodoned 51115 170166 0 0 3 0x14200 syncer update 51205 302271 0 0 3 0x14200 cleaner cleaner 63681 91052 0 0 3 0x14200 reaper reaper 85565 64470 0 0 3 0x14200 pgdaemon pagedaemon 70947 139823 0 0 3 0x14200 bored viomb 58993 182312 0 0 3 0x40014200 acpi0 acpi0 48490 306232 0 0 3 0x40014200 idle1 58871 212674 0 0 3 0x14200 bored softnet7 41453 225092 0 0 3 0x14200 bored softnet6 60208 166820 0 0 3 0x14200 bored softnet5 90019 117793 0 0 3 0x14200 bored softnet4 65870 233415 0 0 3 0x14200 bored softnet3 82236 501233 0 0 3 0x14200 bored softnet2 95982 413224 0 0 3 0x14200 bored softnet1 8704 407856 0 0 3 0x14200 bored softnet0 73778 203426 0 0 3 0x14200 bored systqmp 43960 441865 0 0 3 0x14200 bored systq 63197 520621 0 0 3 0x14200 tmoslp softclockmp 54130 474342 0 0 3 0x40014200 tmoslp softclock 30333 57661 0 0 3 0x40014200 idle0 1 31803 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 64305 (syz-executor) thread 0xffff80003881fa18 (3224) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83990aa0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #5 Xsyscall+0x128 Process 11530 (syz-executor) thread 0xffff80002a2b9a08 (152422) exclusive rrwlock inode r = 0 (0xfffffd806b84fec0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:693 #6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203 #8 ufs_lookup+0x1a36 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x93a sys/kern/vfs_lookup.c:566 #11 namei+0x7ca sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1868 #13 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806ec20230) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:693 #6 cache_lookup+0x351 sys/kern/vfs_cache.c:222 #7 ufs_lookup+0x1e3 sys/ufs/ufs/ufs_lookup.c:160 #8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #9 vfs_lookup+0x93a sys/kern/vfs_lookup.c:566 #10 namei+0x7ca sys/kern/vfs_lookup.c:250 #11 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1868 #12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10201 11028K 11429K 166960K 11734 0 pcb 17 12K 12K 166960K 80 0 rtable 212 9K 9K 166960K 331 0 pf 32 17K 81K 166960K 90 0 ifaddr 39 6K 8K 166960K 69 0 ifgroup 51 2K 2K 166960K 98 0 sysctl 2 1K 9K 166960K 8 0 counters 66 36K 37K 166960K 202 0 ioctlops 0 0K 4K 166960K 1628 0 iov 0 0K 16K 166960K 11 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1400 88K 89K 166960K 1748 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 17 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 236K 166960K 531 0 sigio 0 0K 0K 166960K 17 0 proc 72 115K 164K 166960K 586 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 51 0 in_multi 88 6K 7K 166960K 125 0 ether_multi 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 410 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 230 167K 180K 166960K 6163 0 UVM aobj 7 2K 2K 166960K 8 0 pinsyscall 41 82K 100K 166960K 1609 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 85 0 NDP 11 0K 2K 166960K 47 0 temp 46 8644K 8711K 166960K 21239 0 kqueue 13 20K 30K 166960K 100 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 56 0 53 1 0 1 1 0 8 0 rtentry 176 112 0 25 5 0 5 5 0 8 0 unpcb 144 434 0 415 4 2 2 4 0 8 1 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 147 0 143 7 3 4 7 0 8 3 arp 128 12 0 3 1 0 1 1 0 8 0 inpcb 328 416 0 409 8 4 4 7 0 8 3 nd6 144 20 0 4 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 63 0 63 2 1 1 1 0 8 1 pppxif 1504 2 0 2 1 1 0 1 0 8 0 pffrag 232 6 0 2 1 0 1 1 0 482 0 pffrnode 88 6 0 2 1 0 1 1 0 8 0 pffrent 40 10 0 4 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 35 0 1 1 0 1 1 0 8 0 pfstkey 128 35 0 1 2 0 2 2 0 8 0 pfstate 384 35 0 1 4 0 4 4 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 534 0 130 28 2 26 28 0 8 0 art_table 40 535 0 130 5 0 5 5 0 8 0 art_node 32 112 0 34 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 2 1 1 1 0 8 0 semapl 112 13 0 4 1 0 1 1 0 8 0 shmpl 112 5 0 1 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2238 0 732 95 0 95 95 0 8 0 ffsino 296 2238 0 732 117 0 117 117 0 8 0 nchpl 144 2927 0 1237 63 0 63 63 0 8 0 rtmask 32 8 0 8 2 1 1 1 0 8 1 uvmvnodes 80 2570 0 0 53 0 53 53 0 8 0 vnodes 216 2570 0 0 143 0 143 143 0 8 0 namei 1024 9648 0 9648 2 1 1 2 0 8 1 percpumem 16 116 0 68 1 0 1 1 0 8 0 kstatmem 264 60 0 36 3 1 2 3 0 8 0 scxspl 216 9984 0 9983 10 7 3 8 1 8 2 plimitpl 152 141 0 123 1 0 1 1 0 8 0 sigapl 424 827 0 752 9 0 9 9 0 8 0 knotepl 120 428 0 0 13 0 13 13 0 8 0 kqueuepl 224 216 0 207 5 3 2 5 0 8 1 pipepl 344 180 0 153 6 0 6 6 0 8 3 fdescpl 528 783 0 753 3 0 3 3 0 8 0 filepl 160 4141 0 3927 19 6 13 15 0 8 3 lockfpl 104 258 0 256 1 0 1 1 0 8 0 lockfspl 48 105 0 103 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 40 0 23 1 0 1 1 0 8 0 ucredpl 104 433 0 420 1 0 1 1 0 8 0 zombiepl 144 923 0 922 2 1 1 1 0 8 0 processpl 1232 827 0 752 6 0 6 6 0 8 0 procpl 664 1484 0 1400 8 0 8 8 0 8 0 sosppl 168 5 0 5 2 1 1 1 0 8 1 sockpl 752 911 0 882 11 3 8 10 0 8 4 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 110 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 26 0 0 4 0 4 4 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 169 0 0 11 0 11 11 0 8 0 bufpl 280 3694 0 122 256 0 256 256 0 8 0 anonpl 32 6200 0 0 50 0 50 50 0 246 0 amapchunkpl 152 19530 0 19066 32 6 26 26 0 158 6 amappl16 200 2350 0 2320 7 3 4 5 0 8 2 amappl15 192 29 0 29 1 1 0 1 0 8 0 amappl14 184 113 0 101 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 1445 0 1414 3 1 2 2 0 8 0 amappl11 160 65 0 51 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 254 0 254 1 1 0 1 0 8 0 amappl8 136 21 0 19 1 0 1 1 0 8 0 amappl7 128 123 0 111 1 0 1 1 0 8 0 amappl6 120 188 0 185 1 0 1 1 0 8 0 amappl5 112 125 0 115 1 0 1 1 0 8 0 amappl4 104 292 0 271 1 0 1 1 0 8 0 amappl3 96 3645 0 3538 4 0 4 4 0 8 1 amappl2 88 646 0 583 2 0 2 2 0 8 0 amappl1 80 9828 0 9225 14 1 13 14 0 8 0 amappl 88 5431 0 5274 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 7 0 1 1 0 1 1 0 8 0 uaddrrnd 24 783 0 753 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 783 0 753 1 0 1 1 0 8 0 vmmpekpl 168 8102 0 8059 3 0 3 3 0 8 0 vmmpepl 168 54490 0 52553 94 2 92 92 0 357 1 vmsppl 488 782 0 752 6 1 5 5 0 8 1 rwobjpl 80 19197 0 15694 72 0 72 72 0 8 0 pdppl 4096 1574 0 1504 104 32 72 84 0 8 2 pvpl 32 13142 0 0 107 1 106 106 0 265 0 pmappl 256 782 0 752 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 279 0 41 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8378aff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83990898) at __mp_lock+0x190 __mp_lock_spin sys/kern/kern_lock.c:135 [inline] __mp_lock(ffffffff83990898) at __mp_lock+0x190 sys/kern/kern_lock.c:165 intr_handler(ffff80003c45d840,ffff800000079a80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f Xspllower() at Xspllower+0x1d uvm_anfree_list(fffffd8063f03050,0) at uvm_anfree_list+0x1e5 sys/uvm/uvm_anon.c:129 amap_wipeout(fffffd806bedfa90) at amap_wipeout+0x248 sys/uvm/uvm_amap.c:-1 uvm_unmap_detach(ffff80003c45da60,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353 uvm_map_teardown(fffffd806b8d73e8) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525 exit1(ffff80003881ea88,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260 sys_exit(ffff80003881ea88,ffff80003c45dc30,ffff80003c45db80) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c45dc30) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c45dc30) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78afaaa37500, count: -15 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> trace sys_semop(ffff80003881fa18,ffff80003c4fd0f0,ffff80003c4fd040) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c4fd0f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4fd0f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f4dff5f1a0, count: -3