kernel: protection fault trap, code=0
Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
sys_semop(ffff800030f89480,ffff80002a0c6aa0,ffff80002a0c69f0) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff80002a0c6aa0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff80002a0c6aa0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x82b15a774d0, count: -3
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a0c69c0
rbx 0
rdx 0
rcx 0xffff800030f89480
rax 0xdead4110dead4110
r8 0x7f7fffffc000
r9 0xfffffd807f7d3410
r10 0x40590eab4013ed27
r11 0xd46b7bf41373b6a2
r12 0xffff8000012e0204
r13 0
r14 0xffff80002a0c6aa0
r15 0
rip 0xffffffff828e69db sys_semop+0x45b
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a0c68a0
ss 0x10
sys_semop+0x45b: movzwl 0(%rax),%r15d
ddb{0}> show proc
PROC (syz-executor) tid=225572 pid=12807 tcnt=3 stat=onproc
flags process=0 proc=4000000
runpri=36, usrpri=50, slppri=36, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000363aaf60,0xffff800030f88a70
process=0xffff800037282448 user=0xffff80002a0c1000, vmspace=0xfffffd806ec9d1c8
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
12807 218002 11679 0 7 0 syz-executor
*12807 225572 11679 0 7 0x4000000 syz-executor
12807 366194 11679 0 2 0x4000080 syz-executor
61069 504758 5350 0 2 0 syz-executor
61069 415919 5350 0 2 0x4000000 syz-executor
8166 152268 45586 0 2 0 syz-executor
8166 19102 45586 0 2 0x4000000 syz-executor
12461 387704 30680 0 2 0x100002 sh
70935 211306 2108 0 2 0 syz-executor
70935 3458 2108 0 3 0x4000080 fsleep syz-executor
70935 33257 2108 0 3 0x4000080 fsleep syz-executor
70935 478220 2108 0 3 0x4000080 fsleep syz-executor
30680 38470 71767 0 3 0x82 wait syz-executor
15320 135434 54722 0 2 0x480 syz-executor
15320 28201 54722 0 3 0x4000080 kqsel syz-executor
15320 157654 54722 0 3 0x4000080 fsleep syz-executor
15320 38498 54722 0 3 0x4000080 fsleep syz-executor
70747 442928 88428 0 2 0x480 syz-executor
70747 386337 88428 0 3 0x4000080 pipewr syz-executor
70747 392415 88428 0 3 0x4000080 lockf syz-executor
51673 351051 0 0 3 0x14280 nfsidl nfsio
11445 214666 0 0 3 0x14280 nfsidl nfsio
70921 151726 0 0 3 0x14280 nfsidl nfsio
47692 483115 0 0 3 0x14280 nfsidl nfsio
38705 26823 0 0 3 0x14280 nfsidl nfsio
50443 81519 0 0 3 0x14280 nfsidl nfsio
79977 502988 0 0 3 0x14280 nfsidl nfsio
66671 393835 0 0 3 0x14280 nfsidl nfsio
85496 123055 0 0 3 0x14280 nfsidl nfsio
507 43502 0 0 3 0x14280 nfsidl nfsio
18428 465673 0 0 3 0x14280 nfsidl nfsio
9230 435516 0 0 3 0x14280 nfsidl nfsio
7042 100573 0 0 3 0x14280 nfsidl nfsio
15614 430579 0 0 3 0x14280 nfsidl nfsio
60717 499678 0 0 3 0x14280 nfsidl nfsio
11569 169217 0 0 3 0x14280 nfsidl nfsio
23868 274279 0 0 3 0x14280 nfsidl nfsio
58740 364688 0 0 3 0x14280 nfsidl nfsio
74697 175637 0 0 3 0x14280 nfsidl nfsio
89077 160119 0 0 3 0x14280 nfsidl nfsio
57199 195751 0 0 3 0x14200 acct acct
49024 23588 0 0 3 0x14200 bored sosplice
88676 163173 1 0 3 0x100083 ttyin getty
5350 132180 71767 0 2 0x482 syz-executor
2108 237332 71767 0 3 0x82 nanoslp syz-executor
11679 507266 71767 0 3 0x82 nanoslp syz-executor
54722 424165 71767 0 2 0x482 syz-executor
17010 282256 71767 0 3 0x82 wait syz-executor
88428 152902 71767 0 2 0x482 syz-executor
45586 155383 71767 0 2 0x482 syz-executor
71767 145703 36529 0 2 0x2 syz-executor
36529 271656 40001 0 3 0x10008a sigsusp ksh
40001 243994 37535 0 3 0x98 kqread sshd-session
37535 264391 61419 0 3 0x92 kqread sshd-session
61419 36196 1 0 3 0x88 kqread sshd
70346 165157 16669 74 3 0x1100092 bpf pflogd
16669 164370 1 0 3 0x80 sbwait pflogd
19629 334683 50815 73 3 0x1100090 kqread syslogd
50815 88447 1 0 3 0x100082 sbwait syslogd
19524 126809 1 0 3 0x100080 kqread resolvd
68080 131477 15966 77 3 0x100092 kqread dhcpleased
60055 488135 15966 77 3 0x100092 kqread dhcpleased
15966 58626 1 0 3 0x80 kqread dhcpleased
10612 314747 0 0 3 0x14200 bored smr
1036 523895 0 0 2 0x14200 zerothread
83215 255010 0 0 3 0x14200 aiodoned aiodoned
23330 388303 0 0 3 0x14200 syncer update
96308 220571 0 0 3 0x14200 cleaner cleaner
17 68057 0 0 3 0x14200 reaper reaper
94944 342098 0 0 3 0x14200 pgdaemon pagedaemon
15841 243499 0 0 3 0x14200 bored viomb
57362 166373 0 0 3 0x40014200 acpi0 acpi0
51972 46548 0 0 3 0x40014200 idle1
21110 345262 0 0 3 0x14200 bored softnet3
37600 292780 0 0 3 0x14200 bored softnet2
28172 459 0 0 3 0x14200 bored softnet1
61130 455818 0 0 3 0x14200 bored softnet0
45885 294561 0 0 3 0x14200 bored systqmp
12716 208697 0 0 3 0x14200 bored systq
16910 509519 0 0 3 0x14200 tmoslp softclockmp
62904 493927 0 0 2 0x40014200 softclock
82706 386915 0 0 3 0x40014200 idle0
1 409358 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 12807 (syz-executor) thread 0xffff800030f89480 (225572)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8354c7e8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 __mp_acquire_count+0x58
#2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441
#3 sleep_finish+0x2e7 sys/kern/kern_synch.c:425
#4 rw_enter+0x348 sys/kern/kern_rwlock.c:285
#5 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1819
#6 uvm_fault_check+0x49 sys/uvm/uvm_fault.c:672
#7 uvm_fault+0xf5 sys/uvm/uvm_fault.c:600
#8 kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
#9 kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
#10 alltraps_kern_meltdown+0x7b
#11 _copyin+0x57
#12 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#12 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#13 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10200 11126K 11509K 166960K 11772 0
pcb 18 12K 12K 166960K 81 0
rtable 216 8K 9K 166960K 430 0
pf 39 18K 22K 166960K 73 0
ifaddr 40 6K 7K 166960K 61 0
ifgroup 61 2K 2K 166960K 83 0
sysctl 0 0K 1K 166960K 1 0
counters 68 36K 36K 166960K 80 0
ioctlops 0 0K 4K 166960K 1526 0
iov 0 0K 16K 166960K 25 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1367 86K 86K 166960K 1695 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 24 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 18 65K 93K 166960K 559 0
sigio 0 0K 0K 166960K 7 0
proc 72 91K 128K 166960K 636 0
subproc 104 6K 6K 166960K 131 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 1 0K 0K 166960K 58 0
in_multi 78 5K 6K 166960K 140 0
ether_multi 1 0K 0K 166960K 4 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 433 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 249 73K 76K 166960K 6619 0
UVM aobj 20 2K 2K 166960K 21 0
pinsyscall 43 86K 102K 166960K 1687 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 0K 166960K 35 0
NDP 14 0K 1K 166960K 40 0
temp 41 6819K 6946K 166960K 19342 0
kqueue 13 20K 28K 166960K 88 0
SYN cache 2 10K 18K 166960K 3 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 68 0 65 1 0 1 1 0 8 0
rtentry 112 133 0 38 3 0 3 3 0 8 0
unpcb 144 350 0 333 6 0 6 6 0 8 5
syncache 336 7 0 7 2 1 1 1 0 8 1
tcpqe 32 2 0 2 1 0 1 1 0 8 1
tcpcb 808 213 0 205 4 0 4 4 0 8 2
arp 120 22 0 7 1 0 1 1 0 8 0
ipq 40 1 0 1 1 0 1 1 0 8 1
ipqe 40 3 0 3 1 0 1 1 0 8 1
inpcb 336 538 0 524 4 0 4 4 0 8 2
nd6 136 30 0 9 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 1 0 1 0 8 0
kcovpl 48 10 0 2 1 0 1 1 0 8 0
ppxss 1168 3 0 2 2 1 1 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 2 0 1 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 47 0 2 1 0 1 1 0 8 0
pfstkey 128 47 0 2 2 0 2 2 0 8 0
pfstate 376 47 0 2 5 0 5 5 0 8 0
pfrule 1344 23 0 16 2 0 2 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 515 0 134 27 0 27 27 0 8 1
art_table 32 517 0 134 4 0 4 4 0 8 0
art_node 16 131 0 44 1 0 1 1 0 8 0
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 112 19 0 10 1 0 1 1 0 8 0
shmpl 112 18 0 1 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 2308 0 805 95 0 95 95 0 8 0
ffsino 272 2308 0 805 102 0 102 102 0 8 0
nchpl 144 3104 0 1411 64 0 64 64 0 8 0
uvmvnodes 80 2609 0 0 54 0 54 54 0 8 0
vnodes 216 2609 0 0 145 0 145 145 0 8 0
namei 1024 10221 0 10221 2 1 1 2 0 8 1
percpumem 16 54 0 6 1 0 1 1 0 8 0
kstatmem 264 40 0 12 2 0 2 2 0 8 0
scsiplug 72 8 0 8 1 0 1 1 0 8 1
scxspl 216 8999 0 8999 6 3 3 3 1 8 3
plimitpl 152 147 0 129 1 0 1 1 0 8 0
sigapl 424 879 0 807 11 2 9 9 0 8 0
futexpl 64 6281 0 6276 1 0 1 1 0 8 0
knotepl 120 553 0 0 17 0 17 17 0 8 0
kqueuepl 216 232 0 222 6 0 6 6 0 8 5
pipepl 320 214 0 121 9 0 9 9 0 8 0
fdescpl 496 839 0 807 5 0 5 5 0 8 0
filepl 152 4630 0 4244 17 1 16 16 0 8 0
lockfpl 104 301 0 297 1 0 1 1 0 8 0
lockfspl 48 88 0 85 1 0 1 1 0 8 0
sessionpl 144 28 0 19 1 0 1 1 0 8 0
pgrppl 48 40 0 23 1 0 1 1 0 8 0
ucredpl 104 504 0 491 1 0 1 1 0 8 0
zombiepl 144 808 0 807 1 0 1 1 0 8 0
processpl 1160 879 0 807 7 1 6 6 0 8 0
procpl 648 1519 0 1435 9 1 8 8 0 8 0
srpgc 96 6 0 6 2 1 1 1 0 8 1
sosppl 168 5 0 5 1 0 1 1 0 8 1
sockpl 664 967 0 933 14 3 11 14 0 8 7
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 151 0 0 19 0 19 19 0 8 0
mcl2k 2048 22 0 0 3 0 3 3 0 8 0
mtagpl 96 14 0 0 1 0 1 1 0 8 0
mbufpl 256 178 0 0 11 0 11 11 0 8 0
bufpl 280 3070 0 103 212 0 212 212 0 8 0
anonpl 24 130506 0 126833 50 3 47 47 0 185 14
amapchunkpl 152 20714 0 20179 30 0 30 30 0 158 6
amappl16 200 2326 0 2292 20 8 12 15 0 8 8
amappl15 192 9 0 9 1 1 0 1 0 8 0
amappl14 184 122 0 110 1 0 1 1 0 8 0
amappl13 176 3 0 3 1 1 0 1 0 8 0
amappl12 168 1527 0 1494 4 1 3 3 0 8 0
amappl11 160 56 0 42 1 0 1 1 0 8 0
amappl10 152 8 0 7 1 0 1 1 0 8 0
amappl9 144 188 0 188 1 1 0 1 0 8 0
amappl8 136 33 0 30 1 0 1 1 0 8 0
amappl7 128 108 0 96 1 0 1 1 0 8 0
amappl6 120 195 0 193 1 0 1 1 0 8 0
amappl5 112 141 0 130 1 0 1 1 0 8 0
amappl4 104 328 0 309 1 0 1 1 0 8 0
amappl3 96 3843 0 3741 3 0 3 3 0 8 0
amappl2 88 1126 0 1041 3 0 3 3 0 8 0
amappl1 80 9587 0 9014 15 1 14 14 0 8 0
amappl 88 6188 0 6002 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 20 0 19 1 0 1 1 0 8 0
aobjpl 72 20 0 1 1 0 1 1 0 8 0
uaddrrnd 24 839 0 807 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 839 0 807 1 0 1 1 0 8 0
vmmpekpl 168 8255 0 8202 3 0 3 3 0 8 0
vmmpepl 168 57116 0 55204 97 2 95 95 0 357 5
vmsppl 448 838 0 807 6 2 4 5 0 8 0
rwobjpl 56 20276 0 16687 52 0 52 52 0 8 0
pdppl 4096 1685 0 1614 105 32 73 85 0 8 2
pvpl 32 15288 0 0 124 0 124 124 0 265 0
pmappl 248 838 0 807 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 392 0 39 11 0 11 11 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
sys_semop(ffff800030f89480,ffff80002a0c6aa0,ffff80002a0c69f0) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff80002a0c6aa0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff80002a0c6aa0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x82b15a774d0, count: -3
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8354c5e0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8354c5e0) at __mp_lock+0x192 sys/kern/kern_lock.c:144
syscall(ffff8000374bfe60) at syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff8000374bfe60) at syscall+0xad6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6febe037d2d0, count: -6