kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff80003abd5260,ffff80003c41c360,ffff80003c41c2b0) at sys_semop+0x352 sys/kern/sysv_sem.c:624 syscall(ffff80003c41c360) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c41c360) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe87be57f2c0, count: -3 ddb{0}> show registers rdi 0 rsi 0x6966 __ALIGN_SIZE+0x5966 rbp 0xffff80003c41c280 rbx 0xdeafbeaddeb1f4d5 rdx 0 rcx 0xffff80003abd5260 rax 0xffffffff838a4ff0 cpu_info_full_primary+0x1ff0 r8 0x7f7fffffc000 r9 0 r10 0xcf807065771a6066 r11 0x879b6cf6f02bb0aa r12 0x6966 __ALIGN_SIZE+0x5966 r13 0xfffffd806b5a5e70 r14 0xffff80003c41c360 r15 0x6966 __ALIGN_SIZE+0x5966 rip 0xffffffff82f70af2 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c41c190 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb{0}> show proc PROC (syz-executor) tid=470198 pid=3656 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003abd4800,0xffff80003abd5508 process=0xffff8000fffd79e8 user=0xffff80003c417000, vmspace=0xfffffd8064321b98 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 86779 210568 50316 0 7 0 syz-executor 86779 299554 50316 0 2 0x4000000 syz-executor 86779 76485 50316 0 2 0x4000000 syz-executor 10835 255624 94077 0 2 0 syz-executor 10835 122718 94077 0 3 0x4000080 fsleep syz-executor 26024 27185 36935 0 2 0 syz-executor 26024 385829 36935 0 3 0x4000080 fsleep syz-executor 26024 293723 36935 0 3 0x4000080 fsleep syz-executor 96606 40352 97462 0 2 0 syz-executor 96606 73146 97462 0 3 0x4000080 fsleep syz-executor 60029 99075 31744 0 2 0 syz-executor 60029 434176 31744 0 3 0x4000080 fifor syz-executor 3656 511310 78847 0 2 0 syz-executor 3656 75030 78847 0 2 0x4000000 syz-executor * 3656 470198 78847 0 7 0x4000000 syz-executor 3656 31678 78847 0 3 0x4000080 fsleep syz-executor 33505 69020 30913 0 2 0 syz-executor 33505 372666 30913 0 3 0x4000080 fifow syz-executor 33505 473155 30913 0 2 0x4000000 syz-executor 33505 117219 30913 0 2 0x4000000 syz-executor 21687 130048 88314 0 3 0x80 nanoslp syz-executor 21687 265373 88314 0 3 0x4000080 netcon syz-executor 21687 143139 88314 0 3 0x4000080 fsleep syz-executor 38941 475566 0 0 3 0x14200 acct acct 1307 251638 0 0 3 0x14280 nfsidl nfsio 92835 285943 0 0 3 0x14280 nfsidl nfsio 81339 296503 0 0 3 0x14280 nfsidl nfsio 98310 205322 0 0 3 0x14280 nfsidl nfsio 65876 338893 0 0 3 0x14280 nfsidl nfsio 13218 518493 0 0 3 0x14280 nfsidl nfsio 2292 246374 0 0 3 0x14280 nfsidl nfsio 98066 253982 0 0 3 0x14280 nfsidl nfsio 54425 47597 0 0 3 0x14280 nfsidl nfsio 77474 345975 0 0 3 0x14280 nfsidl nfsio 73547 296452 0 0 3 0x14280 nfsidl nfsio 20363 293201 0 0 3 0x14280 nfsidl nfsio 3982 436866 0 0 3 0x14280 nfsidl nfsio 56142 161923 0 0 3 0x14280 nfsidl nfsio 49365 116155 0 0 3 0x14280 nfsidl nfsio 79126 84297 0 0 3 0x14280 nfsidl nfsio 162 206993 0 0 3 0x14280 nfsidl nfsio 13590 313024 0 0 3 0x14280 nfsidl nfsio 51325 105416 0 0 3 0x14280 nfsidl nfsio 25387 357811 0 0 3 0x14280 nfsidl nfsio 5895 389854 35821 0 3 0x82 sbwait sshd-session 50316 43672 53938 0 3 0x82 nanoslp syz-executor 88314 271869 53938 0 3 0x82 nanoslp syz-executor 78847 108168 53938 0 3 0x82 nanoslp syz-executor 94077 461577 53938 0 3 0x82 nanoslp syz-executor 30913 479671 53938 0 3 0x82 nanoslp syz-executor 97462 29451 53938 0 3 0x82 nanoslp syz-executor 31744 142585 53938 0 3 0x82 nanoslp syz-executor 36935 321683 53938 0 3 0x82 nanoslp syz-executor 53938 493030 49476 0 3 0x82 kqread syz-executor 49476 222266 69351 0 3 0x10008a sigsusp ksh 69351 337549 61398 0 3 0x98 kqread sshd-session 61398 62687 35821 0 3 0x92 kqread sshd-session 77164 78726 1 0 3 0x100083 ttyin getty 35821 55690 1 0 3 0x88 kqread sshd 59034 376161 64177 74 3 0x1100092 bpf pflogd 64177 277809 1 0 3 0x80 sbwait pflogd 65274 79074 29264 73 3 0x1100090 kqread syslogd 29264 164910 1 0 3 0x100082 sbwait syslogd 87210 317934 1 0 3 0x100080 kqread resolvd 76386 354454 23850 77 3 0x100092 kqread dhcpleased 21475 160968 23850 77 3 0x100092 kqread dhcpleased 23850 257358 1 0 3 0x80 kqread dhcpleased 489 66702 0 0 3 0x14200 bored smr 62224 298655 0 0 2 0x14200 zerothread 40066 329896 0 0 3 0x14200 aiodoned aiodoned 26103 153653 0 0 3 0x14200 syncer update 33312 99634 0 0 3 0x14200 cleaner cleaner 54939 344043 0 0 3 0x14200 reaper reaper 62120 284163 0 0 3 0x14200 pgdaemon pagedaemon 45067 317847 0 0 3 0x14200 bored viomb 1989 200383 0 0 3 0x40014200 acpi0 acpi0 14524 468709 0 0 3 0x40014200 idle1 82301 240324 0 0 3 0x14200 bored softnet1 28903 412582 0 0 3 0x14200 bored softnet0 53468 7356 0 0 3 0x14200 bored systqmp 85813 345264 0 0 3 0x14200 bored systq 95641 102439 0 0 3 0x14200 tmoslp softclockmp 6369 406095 0 0 3 0x40014200 tmoslp softclock 24106 30039 0 0 3 0x40014200 idle0 1 517369 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 86779 (syz-executor) thread 0xffff80003abd5cc0 (299554) exclusive rrwlock inode r = 0 (0xfffffd8070484580) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline] #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232 #6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_makeinode+0xcd sys/ufs/ufs/ufs_vnops.c:1732 #8 ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 #9 VOP_MKNOD+0x101 sys/kern/vfs_vops.c:121 #10 domknodat+0x469 sys/kern/vfs_syscalls.c:1659 #11 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806e855120) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 domknodat+0xb4 sys/kern/vfs_syscalls.c:1611 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 3656 (syz-executor) thread 0xffff80003abd5260 (470198) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83aaec80) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:175 #3 sys_semop+0x22f sys/kern/sysv_sem.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #5 Xsyscall+0x128 Process 33505 (syz-executor) thread 0xffff80003abd5790 (473155) exclusive rwlock vmmaplk r = 0 (0xfffffd8064321e80) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880 #3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627 #5 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283 #6 kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528 #7 alltraps_kern_meltdown+0x7b #8 _copyin+0x5b #9 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #10 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11080 12108K 12457K 166960K 13321 0 pcb 20 13K 14K 166960K 210 0 rtable 251 9K 9K 166960K 535 0 pf 33 17K 81K 166960K 138 0 ifaddr 44 8K 8K 166960K 102 0 ifgroup 52 2K 2K 166960K 176 0 sysctl 4 1K 9K 166960K 11 0 counters 70 37K 38K 166960K 326 0 ioctlops 0 0K 4K 166960K 1740 0 iov 0 0K 16K 166960K 128 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1323 83K 84K 166960K 2202 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 3K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 44 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 943 0 sigio 0 0K 0K 166960K 13 0 proc 73 115K 164K 166960K 635 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 123 0 in_multi 99 7K 7K 166960K 142 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 32 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 489 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 256 169K 187K 166960K 10517 0 UVM aobj 35 12K 12K 166960K 38 0 pinsyscall 45 90K 108K 166960K 2140 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 1K 166960K 76 0 NDP 13 0K 2K 166960K 70 0 temp 56 9078K 9148K 166960K 55427 0 kqueue 14 22K 32K 166960K 211 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 84 0 80 1 0 1 1 0 8 0 rtentry 176 155 0 46 6 0 6 6 0 8 0 unpcb 144 585 0 561 6 2 4 4 0 8 3 syncache 336 8 0 8 2 2 0 1 0 8 0 tcpqe 32 2 0 2 2 2 0 1 0 8 0 tcpcb 736 374 0 364 8 1 7 7 0 8 6 arp 136 24 0 6 1 0 1 1 0 8 0 ipq 40 2 0 1 2 1 1 1 0 8 0 ipqe 40 3 0 2 2 1 1 1 0 8 0 inpcb 328 1059 0 1041 9 2 7 7 0 8 5 ip6q 72 6 0 4 1 0 1 1 0 8 0 ip6af 40 10 0 8 1 0 1 1 0 8 0 nd6 152 29 0 0 2 0 2 2 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1192 113 0 113 2 1 1 1 0 8 1 pppxif 1504 76 0 76 3 2 1 1 0 8 1 pffrag 232 2 0 1 1 0 1 1 0 482 0 pffrnode 88 2 0 1 1 0 1 1 0 8 0 pffrent 40 4 0 3 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 22 0 16 1 0 1 1 0 8 0 pfstkey 128 22 0 16 1 0 1 1 0 8 0 pfstate 448 22 0 16 3 0 3 3 0 8 2 pfrule 1360 23 0 17 2 1 1 2 0 8 0 rttmr 136 4 0 4 3 2 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 621 0 159 31 0 31 31 0 8 2 art_table 40 624 0 159 5 0 5 5 0 8 0 art_node 32 154 0 57 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 41 0 32 1 0 1 1 0 8 0 shmpl 112 32 0 3 1 0 1 1 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 3322 0 1862 93 0 93 93 0 8 0 ffsino 296 3322 0 1862 114 0 114 114 0 8 0 nchpl 144 4662 0 2957 64 0 64 64 0 8 0 rtmask 32 6 0 6 1 0 1 1 0 8 1 vnodes 216 3769 0 0 210 0 210 210 0 8 0 namei 1024 14937 0 14936 5 4 1 2 0 8 0 percpumem 16 178 0 128 1 0 1 1 0 8 0 vcpupl 3968 3 0 0 1 0 1 1 0 8 0 vmpool 848 3 0 0 1 0 1 1 0 8 0 kstatmem 264 106 0 80 4 1 3 3 0 8 1 scsiplug 72 6 0 6 3 2 1 1 0 8 1 scxspl 216 30613 0 30613 6 4 2 4 1 8 2 plimitpl 152 240 0 222 1 0 1 1 0 8 0 sigapl 424 1299 0 1229 9 1 8 8 0 8 0 knotepl 120 500 0 0 16 0 16 16 0 8 0 kqueuepl 224 333 0 322 4 2 2 2 0 8 1 pipepl 344 219 0 190 5 2 3 5 0 8 0 fdescpl 528 1255 0 1222 3 0 3 3 0 8 0 filepl 160 7305 0 7071 17 3 14 14 0 8 2 lockfpl 104 566 0 564 2 1 1 2 0 8 0 lockfspl 48 223 0 221 1 0 1 1 0 8 0 sessionpl 144 26 0 16 1 0 1 1 0 8 0 pgrppl 48 48 0 29 1 0 1 1 0 8 0 ucredpl 104 1396 0 1383 1 0 1 1 0 8 0 zombiepl 144 1618 0 1618 1 0 1 1 0 8 1 processpl 1232 1299 0 1229 6 0 6 6 0 8 0 procpl 664 2746 0 2661 8 0 8 8 0 8 0 sosppl 176 7 0 7 3 2 1 1 0 8 1 sockpl 752 1787 0 1741 18 7 11 11 0 8 5 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 126 0 0 16 0 16 16 0 8 0 mcl2k 2048 34 0 0 4 0 4 4 0 8 0 mtagpl 96 18 0 0 1 0 1 1 0 8 0 mbufpl 256 1485 0 0 93 0 93 93 0 8 0 bufpl 280 12459 0 6326 439 0 439 439 0 8 0 anonpl 32 12372 0 0 100 0 100 100 0 246 0 amapchunkpl 152 35361 0 34823 45 13 32 33 0 158 11 amappl16 200 4631 0 4594 40 25 15 27 0 8 5 amappl15 192 38 0 38 1 1 0 1 0 8 0 amappl14 184 459 0 458 1 0 1 1 0 8 0 amappl13 176 149 0 136 1 0 1 1 0 8 0 amappl12 168 1534 0 1502 2 0 2 2 0 8 0 amappl11 160 21 0 21 2 2 0 1 0 8 0 amappl10 152 65 0 51 1 0 1 1 0 8 0 amappl9 144 259 0 259 1 1 0 1 0 8 0 amappl8 136 110 0 108 1 0 1 1 0 8 0 amappl7 128 41 0 39 1 0 1 1 0 8 0 amappl6 120 275 0 262 1 0 1 1 0 8 0 amappl5 112 109 0 99 1 0 1 1 0 8 0 amappl4 104 516 0 476 2 0 2 2 0 8 0 amappl3 96 6211 0 6110 4 1 3 3 0 8 0 amappl2 88 1364 0 1288 2 0 2 2 0 8 0 amappl1 80 13967 0 13288 17 3 14 16 0 8 0 amappl 88 9612 0 9434 6 1 5 5 0 92 0 uvmvnodes 80 135 0 0 3 0 3 3 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 4 3 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 37 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1255 0 1222 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1255 0 1222 1 0 1 1 0 8 0 vmmpekpl 168 12122 0 12075 3 0 3 3 0 8 0 vmmpepl 168 88063 0 85922 127 15 112 117 0 357 11 vmsppl 488 1254 0 1222 6 1 5 5 0 8 0 rwobjpl 80 26419 0 25200 35 1 34 35 0 8 0 pdppl 4096 2523 0 2447 112 36 76 85 0 8 0 pvpl 32 22324 0 0 182 2 180 180 0 265 0 pmappl 256 1257 0 1222 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 387 0 49 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff80003abd5260,ffff80003c41c360,ffff80003c41c2b0) at sys_semop+0x352 sys/kern/sysv_sem.c:624 syscall(ffff80003c41c360) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c41c360) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe87be57f2c0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x19 kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x19 sys/dev/kcov.c:153 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7925d5757990, count: -5