kernel: protection fault trap, code=0
Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
sys_semop(ffff8000fffebc50,ffff80002abebfc0,ffff80002abebf10) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff80002abebfc0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002abebfc0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9279ba1f960, count: -3
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002abebee0
rbx 0
rdx 0
rcx 0xffff8000fffebc50
rax 0xdeafbeaddeafbead
r8 0x7f7fffffc000
r9 0xfffffd807f7d36e8
r10 0x598131ef0907b935
r11 0xbecbc557a97818b7
r12 0xffff800001499b04
r13 0
r14 0xffff80002abebfc0
r15 0
rip 0xffffffff82bec9ab sys_semop+0x45b
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002abebdc0
ss 0x10
sys_semop+0x45b: movzwl 0(%rax),%r15d
ddb{1}> show proc
PROC (syz-executor) tid=399643 pid=94843 tcnt=4 stat=onproc
flags process=10 proc=4000000
runpri=32, usrpri=79, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffea020,0xffff8000fffea550
process=0xffff8000fffe6560 user=0xffff80002abe7000, vmspace=0xfffffd800ab345c8
estcpu=29, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
27631 380197 92847 32767 2 0x10 syz-executor
53611 436857 6246 32767 2 0x10 syz-executor
94843 446500 3212 32767 7 0x10 syz-executor
*94843 399643 3212 32767 7 0x4000010 syz-executor
94843 67358 3212 32767 3 0x4000090 fsleep syz-executor
94843 484353 3212 32767 2 0x4000010 syz-executor
74635 338869 48026 32767 2 0x10 syz-executor
80214 410839 92710 32767 2 0x10 syz-executor
90227 441038 79618 32767 2 0x10 syz-executor
60284 360081 87741 32767 2 0x10 syz-executor
50668 487409 11603 0 2 0x2 syz-executor
41380 362404 0 0 3 0x14200 bored sosplice
6246 302837 61715 32767 3 0x90
nanoslp syz-executor
79618 147629 22511 32767 3 0x90 nanoslp syz-executor
48026 191955 86743 32767 3 0x90 nanoslp syz-executor
87741 188494 91374 32767 3 0x90 nanoslp syz-executor
92847 317865 76893 32767 3 0x90 nanoslp syz-executor
3212 252237 18011 32767 3 0x90 nanoslp syz-executor
92710 489832 87683 32767 3 0x90 nanoslp syz-executor
76893 502009 11603 0 3 0x82 wait syz-executor
61715 75985 11603 0 3 0x82 wait syz-executor
18011 353800 11603 0 3 0x82 wait syz-executor
86743 24823 11603 0 3 0x82 wait syz-executor
87683 374456 11603 0 3 0x82 wait syz-executor
22511 155832 11603 0 3 0x82 wait syz-executor
91374 251276 11603 0 3 0x82 wait syz-executor
11603 425635 13450 0 3 0x82 kqread syz-executor
13450 480057 88427 0 3 0x10008a sigsusp ksh
88427 51472 53318 0 3 0x98 kqread sshd-session
53318 145284 29519 0 3 0x92 kqread sshd-session
32397 388335 1 0 3 0x100083 ttyin getty
29519 432030 1 0 3 0x88 kqread sshd
83617 495514 50376 73 3 0x1100090 kqread syslogd
50376 66504 1 0 3 0x100082 sbwait syslogd
50172 49994 1 0 3 0x100080 kqread resolvd
38158 413460 47348 77 3 0x100092 kqread dhcpleased
36030 18812 47348 77 3 0x100092 kqread dhcpleased
47348 268550 1 0 3 0x80 kqread dhcpleased
87732 297892 0 0 3 0x14200 bored smr
70406 189520 0 0 2 0x14200 zerothread
97523 403103 0 0 3 0x14200 aiodoned aiodoned
35899 368192 0 0 3 0x14200 syncer update
97674 23867 0 0 3 0x14200 cleaner cleaner
89671 397859 0 0 3 0x14200 reaper reaper
97912 147336 0 0 3 0x14200 pgdaemon pagedaemon
81732 26791 0 0 3 0x14200 bored viomb
67448 209001 0 0 3 0x40014200 acpi0 acpi0
28215 398123 0 0 3 0x40014200 idle1
75796 66911 0 0 3 0x14200 bored softnet3
29262 440050 0 0 3 0x14200 bored softnet2
73484 385901 0 0 3 0x14200 bored softnet1
53223 226308 0 0 2 0x14200 softnet0
89143 380616 0 0 3 0x14200 bored systqmp
16165 219037 0 0 3 0x14200 bored systq
2936 466916 0 0 3 0x14200 tmoslp softclockmp
78939 254344 0 0 3 0x40014200 tmoslp softclock
18919 143468 0 0 3 0x40014200 idle0
1 248152 0 0 3 0x82 wait
init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 94843 (syz-executor) thread 0xffff8000fffea2b0 (446500)
exclusive rwlock uobjlk r = 0 (0xfffffd806c1d6100)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 uvm_fault+0x1e9 sys/uvm/uvm_fault.c:688
#3 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#4 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#5 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd800ab346c8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3af sys/kern/kern_rwlock.c:405
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1860
#3 uvm_fault_check+0x4b sys/uvm/uvm_fault.c:730
#4 uvm_fault+0x106 sys/uvm/uvm_fault.c:666
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#6 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#7 recall_trap+0x8
Process 94843 (syz-executor) thread 0xffff8000fffebc50 (399643)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8395c5e8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441
#3 sleep_finish+0x24f sys/kern/kern_synch.c:412
#4 rw_do_enter_write+0x1de sys/kern/kern_rwlock.c:292
#5 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250
#6 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1854
#7 uvm_fault_check+0x987 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline]
#7 uvm_fault_check+0x987 sys/uvm/uvm_fault.c:772
#8 uvm_fault+0x106 sys/uvm/uvm_fault.c:666
#9 kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
#10 kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
#11 alltraps_kern_meltdown+0x7b
#12 _copyin+0x57
#13 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#13 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
#14
Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10182 10952K 10965K 166960K 11262 0
pcb 17 12K 12K 166960K 17 0
rtable 216 6K 6K 166960K 358 0
pf 29 16K 16K 166960K 31 0
ifaddr 38 6K 7K 166960K 44 0
ifgroup 46 2K 2K 166960K 50 0
sysctl 3 1K 1K 166960K 3 0
counters 62 36K 36K 166960K 64 0
ioctlops 0 0K 2K 166960K 33 0
iov 0 0K 24K 166960K 10 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1335 84K 84K 166960K 1520 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 10 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 25 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 24 89K 125K 166960K 403 0
proc 58 79K 127K 166960K 490 0
subproc 64 4K 4K 166960K 226 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 37 0
in_multi 88 6K 7K 166960K 110 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 67 307K 307K 166960K 67 0
exec 0 0K 1K 166960K 381 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 213 183K 200K 166960K 4779 0
UVM aobj 11 2K 2K 166960K 12 0
pinsyscall 45 90K 113K 166960K 1403 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 10 0
NDP 10 0K 2K 166960K 27 0
temp 44 8681K 8746K 166960K 4790 0
kqueue 13 20K 27K 166960K 64 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 114 0 111 3 2 1 3 0 8 0
rtentry 176 114 0 13 6 0 6 6 0 8 0
unpcb 144 150 0 135 2 1 1 2 0 8 0
syncache 336 5 0 5 2 1 1 1 0 8 1
tcpcb 808 87 0 83 1 0 1 1 0 8 0
arp 128 19 0 2 1 0 1 1 0 8 0
ipq 40 1 0 0 1 0 1 1 0 8 0
ipqe 40 1 0 0 1 0 1 1 0 8 0
inpcb 384 226 0 219 2 0 2 2 0 8 1
nd6 144 26 0 4 1 0 1 1 0 8 0
kcovpl 48 25 0 18 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 457 0 46 29 1 28 29 0 8 0
art_table 32 458 0 46 4 0 4 4 0 8 0
art_node 16 113 0 21 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 1 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 21 0 12 1 0 1 1 0 8 0
shmpl 112 9 0 1 1 0 1 1 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 1839 0 316 96 0 96 96 0 8 0
ffsino 288 1839 0 316 110 0 110 110 0 8 0
nchpl 144 2355 0 666 63 0 63 63 0 8 0
uvmvnodes 80 2074 0 0 43 0 43 43 0 8 0
vnodes 216 2074 0 0 116 0 116 116 0 8 0
namei 1024 7331 0 7331 2 0 2 2 0 8 2
percpumem 16 47 0 1 1 0 1 1 0 8 0
kstatmem 264 22 0 2 2 0 2 2 0 8 0
scxspl 216 8220 0 8220 10 2 8 8 1 8 8
plimitpl 152 103 0 80 2 0 2 2 0 8 1
sigapl 424 640 0 585 8 1 7 8 0 8 0
futexpl 64 2680 0 2679 1 0 1 1 0 8 0
knotepl 120 312 0 0 10 0 10 10 0 8 0
kqueuepl 224 76 0 67 1 0 1 1 0 8 0
pipepl 336 167 0 140 3 0 3 3 0 8 0
fdescpl 520 621 0 585 4 1 3 4 0 8 0
filepl 160 2653 0 2459 11 1 10 11 0 8 1
lockfpl 104 42 0 40 1 0 1 1 0 8 0
lockfspl 48 20 0 18 1 0 1 1 0 8 0
sessionpl 144 39 0 24 1 0 1 1 0 8 0
pgrppl 48 66 0 43 1 0 1 1 0 8 0
ucredpl 104 339 0 321 1 0 1 1 0 8 0
zombiepl 144 585 0 585 1 0 1 1 0 8 1
processpl 1192 640 0 585 5 0 5 5 0 8 0
procpl 656 969 0 911 6 0 6 6 0 8 0
sockpl 728 494 0 469 9 5 4 9 0 8 1
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 1 0 0 1 0 1 1 0 8 0
mcl4k 4096 125 0 0 16 0 16 16 0 8 0
mcl2k 2048 26 0 0 4 0 4 4 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 222 0 0 14 0 14 14 0 8 0
bufpl 280 2948 0 117 203 0 203 203 0 8 0
anonpl 32 7093 0 0 58 0 58 58 0 246 0
amapchunkpl 152 14962 0 14556 41 6 35 41 0 158 16
amappl16 200 723 0 705 14 4 10 14 0 8 8
amappl15 192 2 0 2 1 1 0 1 0 8 0
amappl14 184 98 0 88 1 0 1 1 0 8 0
amappl13 176 4 0 4 2 1 1 1 0 8 1
amappl12 168 1206 0 1174 2 0 2 2 0 8 0
amappl11 160 45 0 35 1 0 1 1 0 8 0
amappl10 152 20 0 20 1 1 0 1 0 8 0
amappl9 144 251 0 251 1 1 0 1 0 8 0
amappl8 136 16 0 14 1 0 1 1 0 8 0
amappl7 128 104 0 93 1 0 1 1 0 8 0
amappl6 120 179 0 176 1 0 1 1 0 8 0
amappl5 112 113 0 106 1 0
1 1 0 8 0
amappl4 104 277 0 262 1 0 1 1 0 8 0
amappl3 96 2543 0 2446 4 0 4 4 0 8 0
amappl2 88 644 0 589 2 0 2 2 0 8 0
amappl1 80 8834 0 8278 14 0 14 14 0 8 1
amappl 88 4088 0 3942 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 11 0 1 1 0 1 1 0 8 0
uaddrrnd 24 621 0 585 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 621 0 585 1 0 1 1 0 8 0
vmmpekpl 168 6827 0 6788 3 0 3 3 0 8 0
vmmpepl 168 43582 0 41609 99 2 97 97 0 357 7
vmsppl 480 620 0 585 7 2 5 6 0 8 0
rwobjpl 72 15108 0 12243 57 1 56 56 0 8 2
pdppl 4096 1250 0 1170 122 40 82 98 0 8 2
pvpl 32 13163 0 0 107 0 107 107 0 265 0
pmappl 256 620 0 585 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 413 0 45 11 0 11 11 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff83859ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8395c3e0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8395c3e0) at __mp_lock+0x192 sys/kern/kern_lock.c:144
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840
Xsoftclock() at Xsoftclock+0x27
__mp_lock(ffffffff8395c3e0) at __mp_lock+0x19e __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8395c3e0) at __mp_lock+0x19e sys/kern/kern_lock.c:144
uvm_fault(fffffd800ab345c8,928597b2000,0,2) at uvm_fault+0x1ee sys/uvm/uvm_fault.c:689
upageflttrap(ffff80002abdae80,928597b2000) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff80002abdae80) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of
kernel
end trace frame: 0x7f7129629ef0, count: -12
ddb{0}> machine ddbcpu 1
Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d
ddb{1}> trace
sys_semop(ffff8000fffebc50,ffff80002abebfc0,ffff80002abebf10) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff80002abebfc0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002abebfc0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9279ba1f960, count: -3