kernel: protection fault trap, code=0
Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
sys_semop(ffff8000327d94e8,ffff80003c4210f0,ffff80003c421040) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617
syscall(ffff80003c4210f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4210f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47ed4b9f420, count: -3
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003c421010
rbx 0xdeafbeaddeafbead
rdx 0
rcx 0xffff8000327d94e8
rax 0xdeafbeaddeafbead
r8 0x7f7fffffc000
r9 0
r10 0x3d839404845b7556
r11 0x3049f0974fa743ed
r12 0
r13 0xfffffd806c851930
r14 0xffff80003c4210f0
r15 0
rip 0xffffffff81bc39c5 sys_semop+0x3d5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003c420f20
ss 0x10
sys_semop+0x3d5: movzwl 0(%rax),%r15d
ddb{0}> show proc
PROC (syz-executor) tid=440932 pid=54413 tcnt=4 stat=onproc
    flags process=0 proc=4000000
    runpri=50, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000327d8a88,0xffff80003c40dcc8
    process=0xffff80003c44eb78 user=0xffff80003c41c000, vmspace=0xfffffd806c7ef5d8
    estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
54413 162177 31862 0 7 0 syz-executor
54413 512167 31862 0 2 0x4000080 syz-executor
*54413 440932 31862 0 7 0x4000000 syz-executor
54413 126302 31862 0 3 0x4000080 fsleep syz-executor
36742 212212 56158 60928 2 0x10 syz-executor
36742 78896 56158 60928 3 0x4000090 sbwait syz-executor
57313 14095 23171 0 3 0x80 nanoslp syz-executor
57313 504900 23171 0 3 0x4000080 msgwait syz-executor
57313 369280 23171 0 3 0x4000080 fsleep syz-executor
57313 147108 23171 0 3 0x4000080 fsleep syz-executor
85765 320086 83124 0 3 0x80 nanoslp syz-executor
85765 80830 83124 0 3 0x4000080 kqread syz-executor
85765 132896 83124 0 3 0x4000080 fsleep syz-executor
85765 212927 83124 0 3 0x4000080 fsleep syz-executor
39992 249826 93367 0 2 0 syz-executor
39992 383992 93367 0 3 0x4000080 ttyin syz-executor
39992 129658 93367 0 3 0x4000080 fsleep syz-executor
39992 317318 93367 0 3 0x4000080 fsleep syz-executor
13852 206588 0 0 3 0x14280 nfsidl nfsio
34319 144798 0 0 3 0x14280 nfsidl nfsio
51513 432212 0 0 3 0x14280 nfsidl nfsio
59558 41464 0 0 3 0x14280 nfsidl nfsio
94970 97510 0 0 3 0x14280 nfsidl nfsio
2140 282406 0 0 3 0x14280 nfsidl nfsio
38866 185706 0 0 3 0x14280 nfsidl nfsio
18718 417968 0 0 3 0x14280 nfsidl nfsio
62246 76757 0 0 3 0x14280 nfsidl nfsio
6074 463938 0 0 3 0x14280 nfsidl nfsio
71282 251596 0 0 3 0x14280 nfsidl nfsio
31137 155947 0 0 3 0x14280 nfsidl nfsio
25962 231598 0 0 3 0x14280 nfsidl nfsio
51738 33678 0 0 3 0x14280 nfsidl nfsio
83928 516723 0 0 3 0x14280 nfsidl nfsio
80201 139188 0 0 3 0x14280 nfsidl nfsio
7057 42735 0 0 3 0x14280 nfsidl nfsio
9673 342978 0 0 3 0x14280 nfsidl nfsio
51340 278734 0 0 3 0x14280 nfsidl nfsio
15353 434959 0 0 3 0x14280 nfsidl nfsio
77916 67594 0 0 3 0x14200 acct acct
88675 273102 56904 0 3 0x100082 sbwait arp
56904 50555 99320 0 3 0x10008a sigsusp sh
31862 379099 18870 0 3 0x82 nanoslp syz-executor
56158 76169 18870 0 3 0x82 nanoslp syz-executor
61358 21364 18870 0 3 0x82 nanoslp syz-executor
99320 109184 18870 0 3 0x82 wait syz-executor
93367 27523 18870 0 3 0x82 nanoslp syz-executor
83124 399897 18870 0 3 0x82 nanoslp syz-executor
89548 106301 18870 0 3 0x82 wait syz-executor
23171 70899 18870 0 3 0x82 nanoslp syz-executor
18870 275577 37251 0 3 0x82 kqread syz-executor
37251 461917 83884 0 3 0x10008a sigsusp ksh
83884 99861 28212 0 3 0x98 kqread sshd-session
28212 301648 65748 0 3 0x92 kqread sshd-session
41626 84806 1 0 3 0x100083 ttyin getty
65748 399398 1 0 3 0x88 kqread sshd
91897 155526 21255 74 3 0x1100092 bpf pflogd
21255 196228 1 0 3 0x80 sbwait pflogd
35423 401872 10698 73 3 0x1100090 kqread syslogd
10698 375972 1 0 3 0x100082 sbwait syslogd
48809 106364 1 0 3 0x100080 kqread resolvd
51188 323932 69894 77 3 0x100092 kqread dhcpleased
81079 144512 69894 77 3 0x100092 kqread dhcpleased
69894 137838 1 0 3 0x80 kqread dhcpleased
79788 214842 0 0 3 0x14200 bored smr
6114 493449 0 0 2 0x14200 zerothread
52362 443323 0 0 3 0x14200 aiodoned aiodoned
53505 302718 0 0 3 0x14200 syncer update
56615 408320 0 0 3 0x14200 cleaner cleaner
95337 143289 0 0 3 0x14200 reaper reaper
36137 256737 0 0 3 0x14200 pgdaemon pagedaemon
35700 183294 0 0 3 0x14200 bored viomb
69488 337133 0 0 3 0x40014200 acpi0 acpi0
27521 224084 0 0 3 0x40014200 idle1
86649 115563 0 0 3 0x14200 bored softnet1
16469 179677 0 0 3 0x14200 bored softnet0
87073 35732 0 0 3 0x14200 bored systqmp
55368 135315 0 0 3 0x14200 bored systq
33570 407283 0 0 3 0x14200 tmoslp softclockmp
57949 355988 0 0 3 0x40014200 tmoslp softclock
23083 95295 0 0 3 0x40014200 idle0
1 372663 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 54413 (syz-executor) thread 0xffff8000327d94e8 (440932)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83912b80)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 malloc+0xe3 sys/kern/kern_malloc.c:175
#3 sys_semop+0x22f sys/kern/sysv_sem.c:-1
#4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#5 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11068 12122K 12353K 166960K 12472 0
pcb 17 12K 12K 166960K 50 0
rtable 186 6K 7K 166960K 370 0
pf 32 17K 19K 166960K 56 0
ifaddr 36 6K 7K 166960K 54 0
ifgroup 51 2K 2K 166960K 78 0
sysctl 3 1K 9K 166960K 9 0
counters 68 36K 37K 166960K 92 0
ioctlops 0 0K 4K 166960K 1566 0
iov 0 0K 8K 166960K 8 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1406 88K 89K 166960K 1624 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 10 0K 0K 166960K 18 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 19 69K 93K 166960K 330 0
sigio 0 0K 0K 166960K 4 0
proc 81 132K 164K 166960K 548 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 27 0
in_multi 74 5K 6K 166960K 96 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 389 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 274 170K 187K 166960K 4948 0
UVM aobj 9 8K 10K 166960K 11 0
pinsyscall 45 90K 106K 166960K 1448 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 14 0
NDP 11 0K 1K 166960K 34 0
temp 45 8675K 8743K 166960K 7837 0
kqueue 15 24K 28K 166960K 62 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 48 0 44 1 0 1 1 0 8 0
rtentry 176 110 0 31 5 0 5 5 0 8 0
unpcb 144 242 0 223 2 1 1 2 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 45 0 41 1 0 1 1 0 8 0
arp 136 18 0 2 1 0 1 1 0 8 0
inpcb 328 250 0 243 8 1 7 7 0 8 6
nd6 152 23 0 6 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 1 0 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1192 8 0 8 2 1 1 1 0 8 1
pppxif 1504 1 0 1 1 1 0 1 0 8 0
pffrag 232 4 0 1 1 0 1 1 0 482 0
pffrnode 88 4 0 1 1 0 1 1 0 8 0
pffrent 40 6 0 3 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 457 0 114 27 1 26 27 0 8 2
art_table 40 459 0 114 5 0 5 5 0 8 0
art_node 32 110 0 39 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 1 2 1 1 1 0 8 0
semapl 112 8 0 1 1 0 1 1 0 8 0
shmpl 112 6 0 1 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1986 0 477 95 0 95 95 0 8 0
ffsino 296 1986 0 477 117 0 117 117 0 8 0
nchpl 144 2462 0 760 64 0 64 64 0 8 0
rtmask 32 3 0 3 2 1 1 1 0 8 1
vnodes 216 2221 0 0 124 0 124 124 0 8 0
namei 1024 7684 0 7684 2 1 1 1 0 8 1
percpumem 16 61 0 12 1 0 1 1 0 8 0
vcpupl 3968 1 0 0 1 0 1 1 0 8 0
vmpool 848 2 0 1 1 0 1 1 0 8 0
kstatmem 264 40 0 16 3 1 2 3 0 8 0
scsiplug 72 1 0 1 1 0 1 1 0 8 1
scxspl 216 8473 0 8473 10 2 8 8 1 8 8
plimitpl 152 87 0 69 1 0 1 1 0 8 0
sigapl 424 660 0 590 8 0 8 8 0 8 0
knotepl 120 536 0 0 17 0 17 17 0 8 0
kqueuepl 224 146 0 135 5 0 5 5 0 8 4
pipepl 344 196 0 169 9 6 3 9 0 8 0
fdescpl 528 623 0 590 3 0 3 3 0 8 0
filepl 160 3187 0 2953 20 7 13 20 0 8 3
lockfpl 104 115 0 113 1 0 1 1 0 8 0
lockfspl 48 38 0 36 1 0 1 1 0 8 0
sessionpl 144 22 0 13 1 0 1 1 0 8 0
pgrppl 48 36 0 19 1 0 1 1 0 8 0
ucredpl 104 409 0 395 1 0 1 1 0 8 0
zombiepl 144 650 0 648 1 0 1 1 0 8 0
processpl 1232 660 0 590 6 0 6 6 0 8 0
procpl 664 1026 0 943 8 0 8 8 0 8 1
sockpl 752 542 0 512 11 1 10 10 0 8 7
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 123 0 0 16 0 16 16 0 8 0
mcl2k 2048 41 0 0 6 1 5 6 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 215 0 0 14 0 14 14 0 8 0
bufpl 280 2944 0 130 201 0 201 201 0 8 0
anonpl 32 7527 0 0 61 0 61 61 0 246 0
amapchunkpl 152 15699 0 15139 34 8 26 29 0 158 3
amappl16 200 2269 0 2239 7 3 4 5 0 8 0
amappl15 192 6 0 5 1 0 1 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 424 0 422 1 0 1 1 0 8 0
amappl12 168 980 0 935 3 0 3 3 0 8 0
amappl11 160 9 0 9 1 1 0 1 0 8 0
amappl10 152 47 0 33 1 0 1 1 0 8 0
amappl9 144 247 0 247 1 1 0 1 0 8 0
amappl8 136 39 0 37 1 0 1 1 0 8 0
amappl7 128 80 0 79 1 0 1 1 0 8 0
amappl6 120 268 0 253 1 0 1 1 0 8 0
amappl5 112 76 0 66 1 0 1 1 0 8 0
amappl4 104 526 0 494 1 0 1 1 0 8 0
amappl3 96 2442 0 2334 4 1 3 3 0 8 0
amappl2 88 732 0 654 2 0 2 2 0 8 0
amappl1 80 9870 0 9254 15 1 14 15 0 8 0
amappl 88 4193 0 4005 5 0 5 5 0 92 0
uvmvnodes 80 111 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 10 0 2 1 0 1 1 0 8 0
uaddrrnd 24 623 0 590 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 623 0 590 1 0 1 1 0 8 0
vmmpekpl 168 7101 0 7063 3 0 3 3 0 8 0
vmmpepl 168 46867 0 44842 91 2 89 89 0 357 0
vmsppl 488 622 0 590 5 0 5 5 0 8 0
rwobjpl 80 15809 0 14696 25 1 24 24 0 8 0
pdppl 4096 1258 0 1183 101 26 75 86 0 8 0
pvpl 32 14560 0 0 118 0 118 118 0 265 0
pmappl 256 624 0 591 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 276 0 32 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
sys_semop(ffff8000327d94e8,ffff80003c4210f0,ffff80003c421040) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617
syscall(ffff80003c4210f0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4210f0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47ed4b9f420, count: -3
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x7dd7e3dae930, count: -3