kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff800034018d18,ffff80003c479bc0,ffff80003c479b10) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c479bc0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c479bc0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x10b191c3b40, count: -3 ddb{1}> show registers rdi 0 rsi 0xb rbp 0xffff80003c479ae0 rbx 0xdeaf4152deaf4152 rdx 0 rcx 0xffff800034018d18 rax 0xffff8000299fdff0 r8 0x7f7fffffc000 r9 0x1 r10 0xf0f6c8c5ad6308e r11 0x288d53f151cf4d31 r12 0xb r13 0xfffffd80686ffd90 r14 0xffff80003c479bc0 r15 0xb rip 0xffffffff81892312 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c4799f0 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> show proc PROC (syz-executor) tid=171875 pid=86034 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800034018550,0xffff8000340182c8 process=0xffff80003a0361d0 user=0xffff80003c474000, vmspace=0xfffffd8069fa99a8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 5338 319167 16794 0 7 0x2004 syz-executor 86034 398834 12 0 3 0x80 nanoslp syz-executor *86034 171875 12 0 7 0x4000000 syz-executor 86034 139281 12 0 3 0x4000080 fsleep syz-executor 86034 464389 12 0 3 0x4000080 fsleep syz-executor 64041 86652 81284 0 2 0 syz-executor 64041 395378 81284 0 3 0x4000080 fsleep syz-executor 31972 422435 32165 0 2 0 syz-executor 31972 509665 32165 0 3 0x4000080 fsleep syz-executor 89794 161527 16675 0 3 0x90 nanoslp syz-executor 89794 105294 16675 0 3 0x4000090 kqsel syz-executor 89794 32244 16675 0 3 0x4000090 fsleep syz-executor 18384 367008 81191 0 3 0x90 nanoslp syz-executor 18384 342319 81191 0 3 0x4000090 ttyout syz-executor 18384 253519 81191 0 3 0x4000090 fsleep syz-executor 25334 125390 65278 0 3 0x3000 suspend syz-executor 25334 338686 65278 0 2 0x4081000 syz-executor 82795 255284 0 0 3 0x14200 bored sosplice 24358 421580 0 0 3 0x14200 acct acct 81191 252844 16794 0 2 0x3 syz-executor 12 447325 16794 0 3 0x82 nanoslp syz-executor 81284 269314 16794 0 2 0x2 syz-executor 65278 217012 16794 0 3 0x82 nanoslp syz-executor 32165 157123 16794 0 3 0x82 nanoslp syz-executor 16675 302352 16794 0 3 0x82 nanoslp syz-executor 72096 122560 16794 0 3 0x82 nanoslp syz-executor 16794 7199 88549 0 3 0x82 kqread syz-executor 88549 507284 84059 0 3 0x10008a sigsusp ksh 84059 233234 77842 0 3 0x98 kqread sshd-session 77842 9765 6077 0 3 0x92 kqread sshd-session 21781 100051 1 0 3 0x100083 ttyin getty 6077 447727 1 0 3 0x88 kqread sshd 38185 342108 3341 74 3 0x1100092 bpf pflogd 3341 48499 1 0 3 0x80 sbwait pflogd 67176 140367 52190 73 3 0x1100090 kqread syslogd 52190 52553 1 0 3 0x100082 sbwait syslogd 7068 340326 1 0 3 0x100080 kqread resolvd 33082 448274 18992 77 3 0x100092 kqread dhcpleased 9262 151187 18992 77 3 0x100092 kqread dhcpleased 18992 75956 1 0 3 0x80 kqread dhcpleased 12784 473030 0 0 3 0x14200 bored smr 91379 437246 0 0 2 0x14200 zerothread 54577 66988 0 0 3 0x14200 aiodoned aiodoned 79143 75964 0 0 3 0x14200 syncer update 18907 24383 0 0 3 0x14200 cleaner cleaner 45968 232683 0 0 3 0x14200 reaper reaper 12974 414248 0 0 3 0x14200 pgdaemon pagedaemon 66266 317400 0 0 3 0x14200 bored viomb 94759 373273 0 0 3 0x40014200 acpi0 acpi0 68516 391931 0 0 3 0x40014200 idle1 30007 355525 0 0 3 0x14200 bored softnet7 83103 415592 0 0 3 0x14200 bored softnet6 45509 448988 0 0 3 0x14200 bored softnet5 41593 172340 0 0 3 0x14200 bored softnet4 18768 298943 0 0 3 0x14200 bored softnet3 60847 94605 0 0 3 0x14200 bored softnet2 19935 516716 0 0 3 0x14200 bored softnet1 80895 64460 0 0 3 0x14200 bored softnet0 87293 204272 0 0 3 0x14200 bored systqmp 87112 82282 0 0 3 0x14200 bored systq 24244 143048 0 0 3 0x14200 tmoslp softclockmp 81162 462228 0 0 3 0x40014200 tmoslp softclock 77739 163248 0 0 3 0x40014200 idle0 1 7752 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 86034 (syz-executor) thread 0xffff800034018d18 (171875) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838ab3f0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:174 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #5 Xsyscall+0x128 Process 25334 (syz-executor) thread 0xffff8000ffff2d08 (338686) exclusive rrwlock inode r = 0 (0xfffffd8069471580) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10202 11037K 11064K 166960K 11321 0 pcb 18 12K 12K 166960K 46 0 rtable 191 5K 6K 166960K 265 0 pf 32 17K 18K 166960K 63 0 ifaddr 39 6K 7K 166960K 53 0 ifgroup 51 2K 2K 166960K 68 0 sysctl 1 1K 9K 166960K 5 0 counters 66 36K 37K 166960K 84 0 ioctlops 0 0K 4K 166960K 1498 0 iov 0 0K 8K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1341 84K 85K 166960K 1392 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 7 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 58K 89K 166960K 199 0 proc 72 115K 180K 166960K 534 0 subproc 63 3K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 4 0 in_multi 88 6K 7K 166960K 100 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 1 0K 1K 166960K 369 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 241 160K 177K 166960K 3617 0 UVM aobj 4 2K 2K 166960K 4 0 pinsyscall 42 84K 100K 166960K 1282 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 11 0K 2K 166960K 33 0 temp 35 8643K 8710K 166960K 10250 0 kqueue 13 20K 26K 166960K 40 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 176 98 0 12 5 0 5 5 0 8 0 unpcb 144 202 0 184 6 5 1 6 0 8 0 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpcb 736 25 0 21 1 0 1 1 0 8 0 arp 128 11 0 1 1 0 1 1 0 8 0 inpcb 328 126 0 117 2 0 2 2 0 8 1 nd6 144 17 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 1 1 0 1 1 0 8 0 ppxss 1192 7 0 7 1 0 1 1 0 8 1 pppxif 1504 1 0 1 1 0 1 1 0 8 1 pffrag 232 1 0 0 1 0 1 1 0 482 0 pffrnode 88 1 0 0 1 0 1 1 0 8 0 pffrent 40 1 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 19 0 0 1 0 1 1 0 8 0 pfstkey 128 19 0 0 1 0 1 1 0 8 0 pfstate 384 19 0 0 2 0 2 2 0 8 0 pfrule 1344 23 0 18 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 445 0 50 28 0 28 28 0 8 2 art_table 40 446 0 50 5 0 5 5 0 8 0 art_node 32 98 0 22 1 0 1 1 0 8 0 semapl 112 3 0 1 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1672 0 158 95 0 95 95 0 8 0 ffsino 296 1672 0 158 117 0 117 117 0 8 0 nchpl 144 1950 0 257 63 0 63 63 0 8 0 uvmvnodes 80 1775 0 0 37 0 37 37 0 8 0 vnodes 216 1775 0 0 99 0 99 99 0 8 0 namei 1024 6012 0 6011 2 1 1 2 0 8 0 percpumem 16 57 0 9 1 0 1 1 0 8 0 kstatmem 264 36 0 12 2 0 2 2 0 8 0 scxspl 216 8047 0 8047 10 2 8 8 1 8 8 plimitpl 152 37 0 18 1 0 1 1 0 8 0 sigapl 424 504 0 449 7 0 7 7 0 8 0 knotepl 120 271 0 0 9 0 9 9 0 8 0 kqueuepl 224 46 0 36 1 0 1 1 0 8 0 pipepl 344 110 0 83 3 0 3 3 0 8 0 fdescpl 528 480 0 449 3 0 3 3 0 8 0 filepl 160 1981 0 1766 17 5 12 15 0 8 2 lockfpl 104 30 0 28 1 0 1 1 0 8 0 lockfspl 48 14 0 12 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 32 0 15 1 0 1 1 0 8 0 ucredpl 104 186 0 171 1 0 1 1 0 8 0 zombiepl 144 491 0 489 1 0 1 1 0 8 0 processpl 1232 504 0 449 5 0 5 5 0 8 0 procpl 664 635 0 570 6 0 6 6 0 8 0 sosppl 168 2 0 2 1 0 1 1 0 8 1 sockpl 752 368 0 338 17 12 5 16 0 8 2 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 113 0 0 15 0 15 15 0 8 0 mcl2k 2048 17 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 119 0 0 8 0 8 8 0 8 0 bufpl 280 3454 0 123 238 0 238 238 0 8 0 anonpl 32 4359 0 0 36 0 36 36 0 246 0 amapchunkpl 152 10494 0 9958 31 4 27 27 0 158 3 amappl16 200 2004 0 1972 7 4 3 5 0 8 1 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 115 0 103 1 0 1 1 0 8 0 amappl13 176 1 0 1 1 1 0 1 0 8 0 amappl12 168 1123 0 1092 3 1 2 2 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 8 0 7 1 0 1 1 0 8 0 amappl9 144 251 0 251 1 1 0 1 0 8 0 amappl8 136 24 0 21 1 0 1 1 0 8 0 amappl7 128 105 0 93 1 0 1 1 0 8 0 amappl6 120 178 0 175 1 0 1 1 0 8 0 amappl5 112 124 0 115 1 0 1 1 0 8 0 amappl4 104 304 0 285 1 0 1 1 0 8 0 amappl3 96 1729 0 1617 5 1 4 4 0 8 0 amappl2 88 642 0 579 2 0 2 2 0 8 0 amappl1 80 8541 0 7945 14 0 14 14 0 8 0 amappl 88 2935 0 2767 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 480 0 449 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 480 0 449 1 0 1 1 0 8 0 vmmpekpl 168 5670 0 5624 3 0 3 3 0 8 0 vmmpepl 168 37540 0 35556 93 0 93 93 0 357 1 vmsppl 488 479 0 449 5 0 5 5 0 8 0 rwobjpl 80 15054 0 12359 58 0 58 58 0 8 0 pdppl 4096 968 0 898 98 24 74 84 0 8 4 pvpl 32 11812 0 0 97 1 96 96 0 265 0 pmappl 256 479 0 449 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 266 0 28 7 0 7 7 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff83782ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838ab1e8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838ab1e8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff838ab1e8,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 malloc(18,7f,1) at malloc+0xe3 sys/kern/kern_malloc.c:174 elf_os_pt_note(ffff8000340182b8,ffff80003c460fc0,ffff800001490700,ffff80003c460d28) at elf_os_pt_note+0x2b5 sys/kern/exec_elf.c:-1 exec_elf_makecmds(ffff8000340182b8,ffff80003c460fc0) at exec_elf_makecmds+0x79a sys/kern/exec_elf.c:672 check_exec(ffff8000340182b8,ffff80003c460fc0) at check_exec+0x43d sys/kern/kern_exec.c:198 sys_execve(ffff8000340182b8,ffff80003c461480,ffff80003c4613d0) at sys_execve+0x19b sys/kern/kern_exec.c:311 syscall(ffff80003c461480) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c461480) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b9f18dcc3d0, count: -12 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{1}> trace sys_semop(ffff800034018d18,ffff80003c479bc0,ffff80003c479b10) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003c479bc0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c479bc0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x10b191c3b40, count: -3