kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff80003c48ba28,ffff800037bdef60,ffff800037bdeeb0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:619 syscall(ffff800037bdef60) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800037bdef60) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xed908a6350, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800037bdee80 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff80003c48ba28 rax 0xdeadbeefdeadbeef r8 0x7f7fffffc000 r9 0 r10 0xb39db0518057af82 r11 0x60981622d874898 r12 0 r13 0xfffffd805f6bcbd0 r14 0xffff800037bdef60 r15 0 rip 0xffffffff81a070b5 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800037bded90 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=40504 pid=90466 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800037bd2020,0xffff80003c48b508 process=0xffff80003c48f518 user=0xffff800037bda000, vmspace=0xfffffd805d06e028 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 78836 305597 76102 0 2 0x400000 syz-executor 78836 173888 76102 0 3 0x4400080 fsleep syz-executor 78836 415344 76102 0 3 0x4400080 fsleep syz-executor 90466 334522 3467 0 2 0 syz-executor *90466 40504 3467 0 7 0x4000000 syz-executor 90466 45947 3467 0 3 0x4000080 fsleep syz-executor 12427 297808 37952 0 2 0 syz-executor 12427 350520 37952 0 3 0x4000080 fsleep syz-executor 9152 268691 38908 60929 2 0x10 syz-executor 9152 136762 38908 60929 3 0x4000090 ttyin syz-executor 9152 303670 38908 60929 3 0x4000090 fsleep syz-executor 12817 463325 0 0 3 0x14200 acct acct 90857 193393 11036 0 3 0x3000 suspend syz-executor 90857 99367 11036 0 2 0x4081000 syz-executor 78253 303753 1 0 3 0x100083 ttyin getty 76102 365416 32474 0 3 0x82 nanoslp syz-executor 37952 311451 32474 0 3 0x82 nanoslp syz-executor 35880 418218 32474 0 2 0x2 syz-executor 39467 313059 32474 0 2 0x2 syz-executor 11036 322634 32474 0 3 0x82 nanoslp syz-executor 38908 462777 32474 0 3 0x82 nanoslp syz-executor 3467 200053 32474 0 3 0x82 nanoslp syz-executor 9311 312608 32474 0 3 0x82 wait syz-executor 32474 223423 81311 0 3 0x82 kqread syz-executor 81311 40110 79746 0 3 0x10008a sigsusp ksh 79746 79380 64584 0 3 0x98 kqread sshd-session 64584 426288 86236 0 3 0x92 kqread sshd-session 86236 338608 1 0 3 0x88 kqread sshd 38061 60821 71395 74 3 0x1100092 bpf pflogd 71395 50186 1 0 3 0x80 sbwait pflogd 84487 442305 32842 73 3 0x1100090 kqread syslogd 32842 144323 1 0 3 0x100082 sbwait syslogd 46204 39872 1 0 3 0x100080 kqread resolvd 9770 509547 78101 77 3 0x100092 kqread dhcpleased 2996 393101 78101 77 3 0x100092 kqread dhcpleased 78101 222336 1 0 3 0x80 kqread dhcpleased 86767 35570 0 0 3 0x14200 bored smr 91762 399625 0 0 2 0x14200 zerothread 44031 95896 0 0 3 0x14200 aiodoned aiodoned 64226 461545 0 0 3 0x14200 syncer update 87215 395750 0 0 3 0x14200 cleaner cleaner 62981 226840 0 0 3 0x14200 reaper reaper 3374 508764 0 0 3 0x14200 pgdaemon pagedaemon 29661 213584 0 0 3 0x14200 bored viomb 36209 11966 0 0 3 0x40014200 acpi0 acpi0 5050 385780 0 0 7 0x40014200 idle1 99856 151580 0 0 3 0x14200 bored softnet1 76322 458301 0 0 3 0x14200 bored softnet0 63321 227914 0 0 3 0x14200 bored systqmp 11601 513702 0 0 3 0x14200 bored systq 31962 270873 0 0 3 0x14200 tmoslp softclockmp 56229 153149 0 0 3 0x40014200 tmoslp softclock 57798 222563 0 0 3 0x40014200 idle0 1 424925 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 90466 (syz-executor) thread 0xffff80003c48ba28 (40504) Process 90857 (syz-executor) thread 0xffff80003c48ad30 (99367) Process 39467 (syz-executor) thread 0xffff800037bd34e0 (313059) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11114 12314K 14055K 166960K 16227 0 pcb 18 18K 20K 166960K 519 0 rtable 174 11K 12K 166960K 895 0 pf 32 17K 19K 166960K 295 0 ifaddr 32 5K 8K 166960K 205 0 ifgroup 51 2K 3K 166960K 390 0 sysctl 4 1K 9K 166960K 58 0 counters 68 36K 38K 166960K 570 0 ioctlops 0 0K 4K 166960K 2444 0 iov 0 0K 24K 166960K 137 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1404 88K 89K 166960K 3810 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 5K 166960K 10 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 147 0 dirhash 12 2K 2K 166960K 57 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 2769 0 sigio 0 0K 0K 166960K 51 0 proc 73 115K 180K 166960K 1020 0 subproc 72 4K 4K 166960K 145 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 373 0 in_multi 51 3K 7K 166960K 295 0 ether_multi 1 0K 0K 166960K 28 0 mrt 1 0K 0K 166960K 45 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 866 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 241 159K 179K 166960K 26513 0 UVM aobj 56 17K 17K 166960K 62 0 pinsyscall 41 82K 105K 166960K 4052 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 307 0 NDP 11 0K 2K 166960K 151 0 temp 81 9084K 9326K 166960K 96180 0 kqueue 13 20K 29K 166960K 490 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 537 0 534 7 4 3 3 0 8 2 rtentry 176 271 0 213 6 1 5 6 0 8 1 unpcb 144 1840 0 1822 15 14 1 6 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 950 0 943 22 21 1 13 0 8 0 arp 136 43 0 30 1 0 1 1 0 8 0 inpcb 328 3103 0 3088 28 24 4 12 0 8 2 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 152 57 0 47 1 0 1 1 0 8 0 pkpcb 40 29 0 29 6 5 1 1 0 8 1 kcovpl 48 16 0 8 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 203 0 203 4 3 1 1 0 8 1 pppxif 1504 18 0 18 6 5 1 1 0 8 1 pffrag 232 18 0 11 2 1 1 1 0 482 0 pffrnode 88 17 0 10 2 1 1 1 0 8 0 pffrent 40 31 0 23 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 166 0 104 1 0 1 1 0 8 0 pfstkey 128 166 0 104 3 0 3 3 0 8 0 pfstate 448 166 0 104 9 1 8 8 0 8 0 pfrule 1360 24 0 19 2 1 1 2 0 8 0 rttmr 136 4 0 4 3 3 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1274 0 1046 36 18 18 29 0 8 1 art_table 40 1278 0 1046 5 0 5 5 0 8 0 art_node 32 271 0 219 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 6 1 0 1 1 0 8 0 semupl 112 3 0 3 3 3 0 1 0 8 0 semapl 112 140 0 131 1 0 1 1 0 8 0 shmpl 112 53 0 6 2 0 2 2 0 8 0 dirhash 1024 47 0 30 3 0 3 3 0 8 0 dino2pl 256 6532 0 5063 93 0 93 93 0 8 0 ffsino 296 6532 0 5063 114 0 114 114 0 8 0 nchpl 144 10160 0 8435 65 0 65 65 0 8 0 rtmask 32 23 0 23 7 6 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 37198 0 37197 4 3 1 2 0 8 0 percpumem 16 300 0 251 1 0 1 1 0 8 0 vcpupl 3968 6 0 0 1 0 1 1 0 8 0 vmpool 848 6 0 0 1 0 1 1 0 8 0 kstatmem 264 236 0 210 6 3 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 6 0 6 5 5 0 1 0 8 0 scxspl 216 79652 0 79652 24 22 2 8 1 8 2 plimitpl 152 755 0 736 1 0 1 1 0 8 0 sigapl 424 3017 0 2970 9 2 7 8 0 8 0 knotepl 120 596 0 0 17 0 17 17 0 8 0 kqueuepl 224 833 0 824 7 6 1 5 0 8 0 pipepl 344 455 0 428 7 4 3 6 0 8 0 fdescpl 528 2975 0 2945 3 0 3 3 0 8 0 filepl 160 20486 0 20195 35 20 15 17 0 8 2 lockfpl 104 1220 0 1216 2 1 1 2 0 8 0 lockfspl 48 497 0 493 1 0 1 1 0 8 0 sessionpl 144 34 0 25 1 0 1 1 0 8 0 pgrppl 48 89 0 72 1 0 1 1 0 8 0 ucredpl 104 3344 0 3329 1 0 1 1 0 8 0 zombiepl 144 4169 0 4167 2 1 1 1 0 8 0 processpl 1232 3017 0 2970 6 1 5 6 0 8 0 procpl 664 7362 0 7307 8 1 7 8 0 8 0 sosppl 176 29 0 29 8 7 1 1 0 8 1 sockpl 752 5584 0 5548 51 40 11 17 0 8 7 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 42 0 0 5 0 5 5 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 1840 0 0 115 0 115 115 0 8 0 bufpl 280 32118 0 25988 439 0 439 439 0 8 0 anonpl 32 13273 0 0 107 0 107 107 0 246 0 amapchunkpl 152 104426 0 103922 70 40 30 38 0 158 6 amappl16 200 11759 0 11682 126 112 14 29 0 8 3 amappl15 192 2 0 2 1 1 0 1 0 8 0 amappl14 184 528 0 527 1 0 1 1 0 8 0 amappl13 176 188 0 176 1 0 1 1 0 8 0 amappl12 168 3264 0 3235 2 0 2 2 0 8 0 amappl11 160 29 0 29 3 3 0 1 0 8 0 amappl10 152 71 0 57 1 0 1 1 0 8 0 amappl9 144 258 0 258 1 1 0 1 0 8 0 amappl8 136 134 0 131 1 0 1 1 0 8 0 amappl7 128 189 0 175 1 0 1 1 0 8 0 amappl6 120 246 0 244 1 0 1 1 0 8 0 amappl5 112 105 0 93 1 0 1 1 0 8 0 amappl4 104 325 0 303 1 0 1 1 0 8 0 amappl3 96 18742 0 18632 4 0 4 4 0 8 0 amappl2 88 599 0 536 2 0 2 2 0 8 0 amappl1 80 20188 0 19591 14 1 13 14 0 8 0 amappl 88 25222 0 25054 6 1 5 5 0 92 0 uvmvnodes 80 182 0 1 4 0 4 4 0 8 0 dma65536 65536 2 0 2 2 2 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 3 0 3 2 2 0 1 0 8 0 dma256 256 12 0 12 4 3 1 1 0 8 1 dma128 128 257 0 257 4 4 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 61 0 6 1 0 1 1 0 8 0 uaddrrnd 24 2975 0 2945 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2975 0 2945 1 0 1 1 0 8 0 vmmpekpl 168 23688 0 23619 4 0 4 4 0 8 0 vmmpepl 168 192209 0 190270 167 66 101 111 0 357 1 vmsppl 488 2974 0 2945 6 1 5 5 0 8 0 rwobjpl 80 51878 0 50655 49 16 33 35 0 8 0 pdppl 4096 5969 0 5896 122 45 77 87 0 8 4 pvpl 32 23498 0 0 189 0 189 189 0 265 0 pmappl 256 2980 0 2945 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 450 0 101 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff80003c48ba28,ffff800037bdef60,ffff800037bdeeb0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:619 syscall(ffff800037bdef60) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800037bdef60) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xed908a6350, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffff8000299bdff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -5