kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff80002a3b8fe8,ffff80003c481290,ffff80003c4811e0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c481290) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c481290) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50ddd7bbfb0, count: -3 ddb{0}> show registers rdi 0 rsi 0xb rbp 0xffff80003c4811b0 rbx 0xdeafbeaddeafbead rdx 0 rcx 0xffff80002a3b8fe8 rax 0xffffffff83787ff0 cpu_info_full_primary+0x1ff0 r8 0x7f7fffffc000 r9 0 r10 0x559fa21d8c8a1b6f r11 0xb7febfb52447d39e r12 0xb r13 0xfffffd806b8a9770 r14 0xffff80003c481290 r15 0xb rip 0xffffffff81b75d82 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c4810c0 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> show proc PROC (syz-executor) tid=393326 pid=99647 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003a423cb0,0xffff80002a3b8830 process=0xffff800035c066a0 user=0xffff80003c47c000, vmspace=0xfffffd805c887030 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46650 77415 48621 0 3 0 kmmaplk syz-executor 13265 139821 41724 0 3 0 kmmaplk syz-executor 99647 6690 27292 0 2 0 syz-executor *99647 393326 27292 0 7 0x4000000 syz-executor 99647 99511 27292 0 3 0x4000080 fsleep syz-executor 62816 43253 22922 0 2 0xc80 syz-executor 62816 30817 22922 0 2 0x4000c80 syz-executor 62816 288273 22922 0 2 0x4000c80 syz-executor 62816 224744 22922 0 3 0x4000080 fsleep syz-executor 59346 26523 17044 0 2 0xc80 syz-executor 59346 358594 17044 0 3 0x4000080 lockf syz-executor 59346 315023 17044 0 3 0x4000080 fsleep syz-executor 33211 265558 42119 0 3 0x3000 suspend syz-executor 33211 256151 42119 0 2 0x4081000 syz-executor 97961 459824 1158 0 3 0x3000 suspend syz-executor 97961 389887 1158 0 3 0x4081000 inode syz-executor 97961 211828 1158 0 2 0x4081000 syz-executor 91612 508327 1 0 3 0x100083 ttyopn getty 42119 59146 7060 0 2 0xc82 syz-executor 64808 277780 0 0 3 0x14200 acct acct 21458 124106 0 0 3 0x14280 nfsidl nfsio 15302 327957 0 0 3 0x14280 nfsidl nfsio 98076 329624 0 0 3 0x14280 nfsidl nfsio 35993 461009 0 0 3 0x14280 nfsidl nfsio 99182 392693 0 0 3 0x14280 nfsidl nfsio 10611 170958 0 0 3 0x14280 nfsidl nfsio 850 268234 0 0 3 0x14280 nfsidl nfsio 41772 319157 0 0 3 0x14280 nfsidl nfsio 21049 356479 0 0 3 0x14280 nfsidl nfsio 7051 272826 0 0 3 0x14280 nfsidl nfsio 63322 247656 0 0 3 0x14280 nfsidl nfsio 14650 275753 0 0 3 0x14280 nfsidl nfsio 53434 448025 0 0 3 0x14280 nfsidl nfsio 53674 280297 0 0 3 0x14280 nfsidl nfsio 95229 522803 0 0 3 0x14280 nfsidl nfsio 15575 281842 0 0 3 0x14280 nfsidl nfsio 71150 206031 0 0 3 0x14280 nfsidl nfsio 2981 434177 0 0 3 0x14280 nfsidl nfsio 11770 92779 0 0 3 0x14280 nfsidl nfsio 79137 411064 0 0 3 0x14280 nfsidl nfsio 72824 453980 0 0 3 0x14200 bored sosplice 17044 36958 7060 0 3 0x82 nanoslp syz-executor 27292 349577 7060 0 2 0xc82 syz-executor 48621 326956 7060 0 3 0x82 nanoslp syz-executor 1158 66514 7060 0 2 0xc82 syz-executor 22922 352471 7060 0 2 0xc82 syz-executor 41724 415829 7060 0 3 0x82 nanoslp syz-executor 26271 99167 7060 0 3 0x82 nanoslp syz-executor 7060 283494 48641 0 3 0x82 kqread syz-executor 48641 92259 390 0 3 0x10008a sigsusp ksh 390 179167 75084 0 3 0x98 kqread sshd-session 75084 25373 96796 0 3 0x92 kqread sshd-session 96796 46466 1 0 3 0x88 kqread sshd 88138 189187 59506 74 3 0x1100092 bpf pflogd 59506 356849 1 0 3 0x80 sbwait pflogd 65468 437181 90116 73 3 0x1100090 kqread syslogd 90116 32847 1 0 3 0x100082 sbwait syslogd 22563 451224 1 0 3 0x100080 kqread resolvd 6887 158587 42745 77 3 0x100092 kqread dhcpleased 20884 177210 42745 77 3 0x100092 kqread dhcpleased 42745 434473 1 0 3 0x80 kqread dhcpleased 45929 83853 0 0 3 0x14200 bored smr 51851 312964 0 0 3 0x14200 pgzero zerothread 32439 59050 0 0 3 0x14200 aiodoned aiodoned 48420 274835 0 0 3 0x14200 syncer update 79125 425120 0 0 3 0x14200 cleaner cleaner 84692 423707 0 0 2 0x14200 reaper 92852 155371 0 0 3 0x14200 pgdaemon pagedaemon 45062 16896 0 0 3 0x14200 bored viomb 40351 414839 0 0 3 0x40014200 acpi0 acpi0 89908 376203 0 0 3 0x40014200 idle1 19627 335769 0 0 3 0x14200 bored softnet7 89142 84721 0 0 3 0x14200 bored softnet6 39436 423596 0 0 3 0x14200 bored softnet5 78446 2181 0 0 3 0x14200 bored softnet4 58599 460370 0 0 3 0x14200 bored softnet3 46241 402237 0 0 3 0x14200 bored softnet2 79237 355171 0 0 3 0x14200 bored softnet1 45985 293120 0 0 3 0x14200 bored softnet0 78216 301851 0 0 3 0x14200 bored systqmp 4286 103617 0 0 3 0x14200 bored systq 93925 25321 0 0 3 0x14200 tmoslp softclockmp 48307 136264 0 0 2 0x40014200 softclock 61295 118158 0 0 3 0x40014200 idle0 1 372490 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 99647 (syz-executor) thread 0xffff80002a3b8fe8 (393326) Process 33211 (syz-executor) thread 0xffff80003c49a810 (256151) Process 97961 (syz-executor) thread 0xffff80003c49afd8 (211828) Process 84692 (reaper) thread 0xffff8000ffffc7d0 (423707) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10229 11067K 12186K 166960K 12388 0 pcb 18 18K 20K 166960K 431 0 rtable 204 10K 11K 166960K 549 0 pf 43 19K 23K 166960K 228 0 ifaddr 40 7K 8K 166960K 136 0 ifgroup 64 2K 3K 166960K 232 0 sysctl 4 1K 9K 166960K 16 0 counters 72 37K 38K 166960K 324 0 ioctlops 0 0K 4K 166960K 1971 0 iov 0 0K 24K 166960K 164 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1383 87K 88K 166960K 2285 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 23 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 102 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 89K 166960K 1405 0 sigio 0 0K 0K 166960K 96 0 proc 72 115K 147K 166960K 723 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 227 0 in_multi 83 6K 7K 166960K 169 0 ether_multi 1 0K 0K 166960K 7 0 mrt 2 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 127 572K 572K 166960K 127 0 exec 0 0K 1K 166960K 609 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 264 161K 179K 166960K 14897 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 42 84K 102K 166960K 2548 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 109 0 NDP 14 0K 2K 166960K 102 0 temp 79 8651K 8722K 166960K 67447 0 kqueue 13 20K 29K 166960K 275 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 172 0 168 2 1 1 2 0 8 0 rtentry 176 172 0 95 5 0 5 5 0 8 0 unpcb 144 1104 0 1086 11 8 3 6 0 8 2 syncache 336 10 0 10 3 2 1 1 0 8 1 tcpqe 32 2 0 2 1 0 1 1 0 8 1 tcpcb 736 515 0 508 10 6 4 7 0 8 2 arp 128 14 0 6 1 0 1 1 0 8 0 inpcb 328 1870 0 1856 21 10 11 13 0 8 6 nd6 144 25 0 9 1 0 1 1 0 8 0 pkpcb 40 13 0 13 3 2 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 118 0 117 2 1 1 1 0 8 0 pppxif 1504 4 0 4 2 2 0 1 0 8 0 pfstscr 40 2 0 2 2 1 1 1 0 8 1 pffrag 232 10 0 6 1 0 1 1 0 482 0 pffrnode 88 10 0 6 1 0 1 1 0 8 0 pffrent 40 19 0 15 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 8 0 8 2 2 0 1 0 8 0 pfanchor 1288 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 1 1 1 0 1 0 8 0 pfstitem 24 140 0 33 1 0 1 1 0 8 0 pfstkey 128 148 0 41 4 0 4 4 0 8 0 pfstate 384 145 0 38 11 0 11 11 0 8 0 pfrule 1344 29 0 24 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 662 0 295 32 4 28 30 0 8 0 art_table 40 666 0 295 5 0 5 5 0 8 0 art_node 32 171 0 104 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 13 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 97 0 88 1 0 1 1 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 4185 0 2676 95 0 95 95 0 8 0 ffsino 296 4185 0 2676 117 0 117 117 0 8 0 nchpl 144 6241 0 5697 64 39 25 64 0 8 0 rtmask 32 10 0 10 2 1 1 1 0 8 1 uvmvnodes 80 4589 0 0 94 0 94 94 0 8 0 vnodes 216 4589 0 0 255 0 255 255 0 8 0 namei 1024 22266 0 22266 2 1 1 1 0 8 1 percpumem 16 177 0 126 1 0 1 1 0 8 0 pfiaddrpl 120 3 0 3 1 1 0 1 0 8 0 kstatmem 264 172 0 140 3 0 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 9 0 9 3 2 1 1 0 8 1 scxspl 216 36487 0 36487 10 9 1 8 1 8 1 plimitpl 152 425 0 405 1 0 1 1 0 8 0 sigapl 424 1736 0 1660 9 0 9 9 0 8 0 knotepl 120 720 0 0 22 0 22 22 0 8 0 kqueuepl 224 607 0 598 7 2 5 5 0 8 4 pipepl 344 271 0 244 7 4 3 6 0 8 0 fdescpl 528 1691 0 1660 3 0 3 3 0 8 0 filepl 160 11882 0 11646 30 13 17 17 0 8 4 lockfpl 104 581 0 577 2 1 1 2 0 8 0 lockfspl 48 178 0 175 1 0 1 1 0 8 0 sessionpl 144 31 0 22 1 0 1 1 0 8 0 pgrppl 48 67 0 50 1 0 1 1 0 8 0 ucredpl 104 1691 0 1678 1 0 1 1 0 8 0 zombiepl 144 1959 0 1956 1 0 1 1 0 8 0 processpl 1232 1736 0 1660 6 0 6 6 0 8 0 procpl 664 3969 0 3882 12 3 9 9 0 8 0 sosppl 168 14 0 14 2 1 1 1 0 8 1 sockpl 752 3213 0 3177 40 26 14 18 0 8 8 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 111 0 0 14 0 14 14 0 8 0 mcl2k 2048 28 0 0 4 0 4 4 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 300 0 0 18 0 18 18 0 8 0 bufpl 280 14405 0 8261 441 1 440 440 0 8 0 anonpl 32 12154 0 0 98 0 98 98 0 246 0 amapchunkpl 152 52615 0 51955 53 13 40 40 0 158 9 amappl16 200 6833 0 6582 35 19 16 19 0 8 1 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 146 0 134 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 1 1 1 0 8 1 amappl12 168 2358 0 2327 3 1 2 2 0 8 0 amappl11 160 48 0 34 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 289 0 289 1 1 0 1 0 8 0 amappl8 136 21 0 18 1 0 1 1 0 8 0 amappl7 128 118 0 105 1 0 1 1 0 8 0 amappl6 120 198 0 193 1 0 1 1 0 8 0 amappl5 112 140 0 130 1 0 1 1 0 8 0 amappl4 104 339 0 319 1 0 1 1 0 8 0 amappl3 96 10019 0 9902 5 1 4 4 0 8 0 amappl2 88 713 0 650 2 0 2 2 0 8 0 amappl1 80 15062 0 14462 15 0 15 15 0 8 0 amappl 88 13919 0 13729 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 257 0 257 4 3 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1691 0 1660 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1691 0 1660 1 0 1 1 0 8 0 vmmpekpl 168 15185 0 15134 3 0 3 3 0 8 0 vmmpepl 168 113993 0 111749 113 9 104 105 0 357 4 vmsppl 488 1690 0 1659 7 2 5 5 0 8 0 rwobjpl 80 37002 0 31232 120 2 118 118 0 8 0 pdppl 4096 3390 0 3318 110 36 74 84 0 8 2 pvpl 32 20346 0 0 165 1 164 164 0 265 0 pmappl 256 1690 0 1659 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 306 0 53 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff80002a3b8fe8,ffff80003c481290,ffff80003c4811e0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c481290) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c481290) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x50ddd7bbfb0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x199 sys/kern/kern_lock.c:165 exit1(ffff80003a423780,0,0,1) at exit1+0x701 sys/kern/kern_exit.c:260 sys_exit(ffff80003a423780,ffff80003c499560,ffff80003c4994b0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c499560) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c499560) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x712fbe772100, count: -8