kernel: protection fault trap, code=0 Stopped at sys_semop+981: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff8000ffff2a78,ffff80003c4658a0,ffff80003c4657f0) at sys_semop+981 syscall(ffff80003c4658a0) at syscall+2839 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xde48c5d45a0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 18446603337232439232 rbx 16046115821523517778 rdx 0 rcx 18446603340516108920 rax 16046115821523517778 r8 140187732525056 r9 18446741325089846600 r10 9337099731204596451 r11 571520160832022936 r12 0 r13 18446741326561737456 r14 18446603337232439456 r15 0 rip 18446744071588731669 sys_semop+981 cs 8 rflags 66118 __ALIGN_SIZE+62022 rsp 18446603337232438992 ss 16 sys_semop+981: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=324873 pid=97057 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800034feba28,0xffff8000ffff2fb8 process=0xffff80003c4b4ea0 user=0xffff80003c460000, vmspace=0xfffffd800b027000 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 97057 318489 22207 0 2 0 syz-executor *97057 324873 22207 0 7 0x4000000 syz-executor 97057 256223 22207 0 7 0x4000000 syz-executor 97057 46637 22207 0 3 0x4000080 fsleep syz-executor 18531 455909 23663 0 2 0 syz-executor 18531 244362 23663 0 2 0x4000000 syz-executor 81470 477583 99220 0 2 0 syz-executor 81470 162604 99220 0 3 0x4000080 kqsel syz-executor 81470 270434 99220 0 2 0x4000000 syz-executor 81470 345925 99220 0 3 0x4000080 fsleep syz-executor 17283 253317 87995 0 3 0x80 nanoslp syz-executor 17283 461638 87995 0 3 0x4000080 kqread syz-executor 17283 30484 87995 0 3 0x4000080 kqsel syz-executor 17283 483907 87995 0 3 0x4000080 fsleep syz-executor 17283 470037 87995 0 3 0x4000080 fsleep syz-executor 35223 147781 49884 0 3 0x80 nanoslp syz-executor 35223 458293 49884 0 3 0x4000080 netcon syz-executor 35223 249650 49884 0 3 0x4000080 kqsel syz-executor 35223 238205 49884 0 3 0x4000080 kqsel syz-executor 35223 11903 49884 0 3 0x4000080 fsleep syz-executor 40343 443996 73905 0 3 0x3000 suspend syz-executor 40343 1126 73905 0 2 0x4081000 syz-executor 5399 223742 9568 0 3 0x82 nanoslp syz-executor 87995 185709 9568 0 3 0x82 nanoslp syz-executor 23663 121322 9568 0 3 0x82 nanoslp syz-executor 22207 501567 9568 0 3 0x82 nanoslp syz-executor 73905 489879 9568 0 3 0x82 wait syz-executor 12747 320752 9568 0 2 0x2 syz-executor 99220 261416 9568 0 3 0x82 nanoslp syz-executor 49884 426637 9568 0 3 0x82 nanoslp syz-executor 9568 71044 4043 0 3 0x82 kqread syz-executor 4043 387378 40215 0 3 0x10008a sigsusp ksh 40215 72364 20612 0 3 0x98 kqread sshd-session 20612 436221 15091 0 3 0x92 kqread sshd-session 95943 447035 1 0 3 0x100083 ttyopn getty 15091 167556 1 0 3 0x88 kqread sshd 25659 392947 83135 74 3 0x1100092 bpf pflogd 83135 302230 1 0 3 0x80 sbwait pflogd 46275 213435 68825 73 3 0x1100090 kqread syslogd 68825 365352 1 0 3 0x100082 sbwait syslogd 19343 422493 1 0 3 0x100080 kqread resolvd 14339 211873 60931 77 3 0x100092 kqread dhcpleased 90857 463991 60931 77 3 0x100092 kqread dhcpleased 60931 462264 1 0 3 0x80 kqread dhcpleased 97642 346529 0 0 3 0x14200 bored smr 42377 83207 0 0 2 0x14200 zerothread 84597 32881 0 0 3 0x14200 aiodoned aiodoned 5079 363276 0 0 3 0x14200 syncer update 77563 326902 0 0 3 0x14200 cleaner cleaner 28574 338544 0 0 3 0x14200 reaper reaper 74515 207654 0 0 3 0x14200 pgdaemon pagedaemon 56441 141765 0 0 3 0x14200 bored viomb 36979 282908 0 0 3 0x40014200 acpi0 acpi0 42527 124616 0 0 3 0x40014200 idle1 66535 466035 0 0 3 0x14200 bored softnet1 2556 124172 0 0 2 0x14200 softnet0 93220 472060 0 0 3 0x14200 bored systqmp 32235 369115 0 0 3 0x14200 bored systq 77512 351397 0 0 3 0x14200 tmoslp softclockmp 84572 219924 0 0 3 0x40014200 tmoslp softclock 26741 400175 0 0 3 0x40014200 idle0 1 168351 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 97057 (syz-executor) thread 0xffff8000ffff2a78 (324873) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8389d228) #0 witness_lock+1521 #1 __mp_acquire_count+88 #2 pool_get+638 #3 _rw_obj_alloc_flags+77 #4 amap_alloc+214 #5 amap_copy+1708 #6 uvm_fault_check+1155 #7 uvm_fault+262 #8 kpageflttrap+756 #9 kerntrap+412 #10 alltraps_kern_meltdown+123 #11 _copyin+102 #12 syscall+2839 #13 Xsyscall+296 Process 40343 (syz-executor) thread 0xffff800034fead30 (1126) exclusive rrwlock inode r = 0 (0xfffffd806e35cb78) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+163 #4 vn_lock+164 #5 vn_write+399 #6 dofilewritev+578 #7 sys_write+162 #8 syscall+3028 #9 Xsyscall+296 Process 12747 (syz-executor) thread 0xffff80002a273c98 (320752) exclusive rrwlock inode r = 0 (0xfffffd806e0b1910) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+163 #4 vn_lock+164 #5 vget+674 #6 ufs_ihashget+389 #7 ffs_vget+140 #8 ufs_lookup+6710 #9 VOP_LOOKUP+110 #10 vfs_lookup+2362 #11 namei+1994 #12 dounlinkat+193 #13 syscall+2839 #14 Xsyscall+296 exclusive rrwlock inode r = 0 (0xfffffd80665c2458) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+163 #4 vn_lock+164 #5 vget+674 #6 cache_lookup+849 #7 ufs_lookup+483 #8 VOP_LOOKUP+110 #9 vfs_lookup+2362 #10 namei+1994 #11 dounlinkat+193 #12 syscall+2839 #13 Xsyscall+296 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10236 11057K 11618K 166960K 13967 0 pcb 17 15K 17K 166960K 539 0 rtable 249 14K 15K 166960K 750 0 pf 39 18K 67486K 166960K 307 0 ifaddr 42 8K 8K 166960K 197 0 ifgroup 55 2K 2K 166960K 364 0 sysctl 4 1K 9K 166960K 23 0 counters 70 37K 38K 166960K 422 0 ioctlops 0 0K 8K 166960K 2179 0 iov 0 0K 24K 166960K 197 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1533 96K 97K 166960K 3509 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 35 0 VM map 2 1K 1K 166960K 2 0 sem 15 16K 16K 166960K 241 0 dirhash 12 2K 2K 166960K 63 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 236K 166960K 2488 0 sigio 0 0K 0K 166960K 116 0 proc 73 115K 164K 166960K 831 0 subproc 72 4K 4K 166960K 99 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 361 0 in_multi 84 6K 7K 166960K 258 0 ether_multi 1 0K 0K 166960K 24 0 mrt 0 0K 0K 166960K 17 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 759 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 261 160K 174K 166960K 23995 0 UVM aobj 65 6K 6K 166960K 70 0 pinsyscall 42 84K 100K 166960K 3705 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 165 0 NDP 13 0K 2K 166960K 143 0 temp 87 8660K 8916K 166960K 150218 0 kqueue 15 24K 35K 166960K 489 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 309 0 306 4 3 1 3 0 8 0 rtentry 176 214 0 121 6 0 6 6 0 8 0 unpcb 144 1643 0 1626 13 12 1 6 0 8 0 syncache 336 6 0 6 4 4 0 1 0 8 0 tcpcb 736 852 0 846 18 17 1 7 0 8 0 arp 136 30 0 14 1 0 1 1 0 8 0 inpcb 328 3091 0 3080 35 28 7 12 0 8 5 nd6 152 42 0 20 2 0 2 2 0 8 0 pkpcb 40 83 0 83 8 7 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 142 0 140 4 3 1 1 0 8 0 pppxif 1504 20 0 20 9 8 1 1 0 8 1 pfstscr 40 5 0 5 2 2 0 1 0 8 0 pffrag 232 54 0 44 1 0 1 1 0 482 0 pffrnode 88 48 0 40 1 0 1 1 0 8 0 pffrent 40 94 0 84 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfstitem 24 149 0 101 1 0 1 1 0 8 0 pfstkey 128 154 0 106 3 0 3 3 0 8 0 pfstate 384 151 0 104 7 0 7 7 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 6 0 0 6 0 6 6 0 8 0 art_heap4 256 908 0 547 34 8 26 29 0 8 1 art_table 40 914 0 547 5 0 5 5 0 8 0 art_node 32 211 0 129 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 8 2 1 1 1 0 8 0 semupl 112 4 0 4 4 4 0 1 0 8 0 semapl 112 231 0 218 1 0 1 1 0 8 0 shmpl 112 67 0 5 2 0 2 2 0 8 0 dirhash 1024 51 0 34 3 0 3 3 0 8 0 dino2pl 256 6130 0 4624 96 1 95 96 0 8 0 ffsino 296 6130 0 4624 118 1 117 118 0 8 0 nchpl 144 9622 0 7907 64 0 64 64 0 8 0 rtmask 32 30 0 30 7 7 0 1 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 32080 0 32080 4 3 1 2 0 8 1 percpumem 16 226 0 176 1 0 1 1 0 8 0 kstatmem 264 238 0 210 6 3 3 3 0 8 1 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 12 0 12 8 7 1 1 0 8 1 scxspl 216 69502 0 69502 15 14 1 8 1 8 1 plimitpl 152 887 0 868 1 0 1 1 0 8 0 sigapl 424 2794 0 2747 9 3 6 8 0 8 0 knotepl 120 887 0 0 26 0 26 26 0 8 0 kqueuepl 224 1034 0 1015 13 11 2 5 0 8 0 pipepl 344 338 0 311 6 3 3 6 0 8 0 fdescpl 528 2754 0 2723 3 0 3 3 0 8 0 filepl 160 18366 0 18142 37 24 13 16 0 8 2 lockfpl 104 1126 0 1124 2 1 1 2 0 8 0 lockfspl 48 464 0 462 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 70 0 53 1 0 1 1 0 8 0 ucredpl 104 3062 0 3048 1 0 1 1 0 8 0 zombiepl 144 3830 0 3828 2 1 1 1 0 8 0 processpl 1232 2794 0 2747 7 3 4 6 0 8 0 procpl 664 6683 0 6620 8 2 6 8 0 8 0 sosppl 176 16 0 16 6 5 1 1 0 8 1 sockpl 752 5256 0 5225 55 44 11 17 0 8 7 mcl64k 65536 19 0 0 3 1 2 3 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 11 0 0 2 0 2 2 0 8 0 mcl4k 4096 117 0 0 15 0 15 15 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 46 0 0 5 0 5 5 0 8 0 mtagpl 96 9 0 0 1 0 1 1 0 8 0 mbufpl 256 1207 0 0 72 0 72 72 0 8 0 bufpl 280 30594 0 24456 439 0 439 439 0 8 0 anonpl 32 13114 0 0 105 0 105 105 0 246 0 amapchunkpl 152 83761 0 83203 60 31 29 33 0 158 6 amappl16 200 11523 0 11366 67 49 18 26 0 8 2 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 15 0 15 2 1 1 1 0 8 1 amappl13 176 495 0 494 1 0 1 1 0 8 0 amappl12 168 3160 0 3118 3 0 3 3 0 8 0 amappl11 160 7 0 7 1 1 0 1 0 8 0 amappl10 152 53 0 38 1 0 1 1 0 8 0 amappl9 144 259 0 258 1 0 1 1 0 8 0 amappl8 136 28 0 25 1 0 1 1 0 8 0 amappl7 128 97 0 95 1 0 1 1 0 8 0 amappl6 120 325 0 310 1 0 1 1 0 8 0 amappl5 112 84 0 73 1 0 1 1 0 8 0 amappl4 104 474 0 444 1 0 1 1 0 8 0 amappl3 96 14912 0 14810 4 1 3 3 0 8 0 amappl2 88 2901 0 2823 2 0 2 2 0 8 0 amappl1 80 19928 0 19338 14 0 14 14 0 8 0 amappl 88 22808 0 22624 6 1 5 5 0 92 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 258 0 258 5 5 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 69 0 5 2 0 2 2 0 8 0 uaddrrnd 24 2754 0 2723 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2754 0 2723 1 0 1 1 0 8 0 vmmpekpl 168 22832 0 22788 4 0 4 4 0 8 0 vmmpepl 168 179488 0 177383 129 25 104 108 0 357 6 vmsppl 488 2753 0 2723 10 6 4 5 0 8 0 rwobjpl 80 54517 0 47441 156 8 148 152 0 8 0 pdppl 4096 5516 0 5446 118 46 72 84 0 8 2 pvpl 32 22136 0 0 178 0 178 178 0 265 0 pmappl 256 2753 0 2723 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 390 0 85 9 0 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff8000ffff2a78,ffff80003c4658a0,ffff80003c4657f0) at sys_semop+981 syscall(ffff80003c4658a0) at syscall+2839 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xde48c5d45a0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+39: addq $8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff8389d020) at __mp_lock+409 syscall(ffff80002a3bef00) at syscall+2804 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xde53d9e6610, count: -6