kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_semop(ffff8000fffe74e0,ffff80002efea6c0,ffff80002efea610) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80002efea6c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002efea6c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x589dcafebf0, count: -3 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002efea5e0 rbx 0xdead4110dead4110 rdx 0 rcx 0xffff8000fffe74e0 rax 0xdead4110dead4110 r8 0x7f7fffffc000 r9 0xfffffd80097fd1a0 r10 0x301840eba111c238 r11 0x404afdac0a175d7f r12 0 r13 0xfffffd806cafad20 r14 0xffff80002efea6c0 r15 0 rip 0xffffffff827ecdc5 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002efea4f0 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> show proc PROC (syz-executor) tid=183487 pid=14461 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe7a10,0xffff8000fffe6fc0 process=0xffff80003a41e1d0 user=0xffff80002efe5000, vmspace=0xfffffd8077bf6b90 estcpu=0, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 47636 72800 81241 32767 2 0x10 syz-executor 81454 192316 82162 32767 2 0x10 syz-executor 81454 483071 82162 32767 2 0x4000010 syz-executor 19477 75334 89396 32767 2 0x10 syz-executor 19477 394718 89396 32767 2 0x4000010 syz-executor 61901 321731 17143 32767 2 0x10 syz-executor 61901 469165 17143 32767 2 0x4000010 syz-executor 13050 306458 48954 32767 2 0x10 syz-executor 13050 519557 48954 32767 2 0x4000010 syz-executor 88347 219978 33972 32767 2 0x10 syz-executor 88347 289333 33972 32767 2 0x4000010 syz-executor 14461 12653 68386 32767 7 0x10 syz-executor *14461 183487 68386 32767 7 0x4000010 syz-executor 14461 224271 68386 32767 2 0x4000010 syz-executor 14461 62804 68386 32767 2 0x4000010 syz-executor 23184 3403 28219 0 2 0x2 syz-executor 82162 421484 58751 32767 3 0x90 nanoslp syz-executor 89396 506341 12334 32767 3 0x90 nanoslp syz-executor 33972 167197 31983 32767 2 0x10 syz-executor 81241 219735 68392 32767 2 0x10 syz-executor 68386 28956 68441 32767 2 0x10 syz-executor 48954 259363 8763 32767 2 0x10 syz-executor 17143 386402 46005 32767 2 0x10 syz-executor 68441 103784 28219 0 3 0x82 wait syz-executor 68392 24280 28219 0 3 0x82 wait syz-executor 58751 76110 28219 0 3 0x82 wait syz-executor 12334 191260 28219 0 3 0x82 wait syz-executor 8763 333609 28219 0 3 0x82 wait syz-executor 46005 276569 28219 0 3 0x82 wait syz-executor 31983 26087 28219 0 3 0x82 wait syz-executor 28219 421629 26116 0 2 0x2 syz-executor 26116 523825 64124 0 3 0x10008a sigsusp ksh 64124 97258 95803 0 3 0x98 kqread sshd-session 95803 482735 29431 0 3 0x92 kqread sshd-session 12075 303987 1 0 3 0x100083 ttyin getty 29431 52469 1 0 3 0x88 kqread sshd 13788 377261 69077 73 3 0x1100090 kqread syslogd 69077 208842 1 0 3 0x100082 sbwait syslogd 63925 12755 1 0 3 0x100080 kqread resolvd 38300 49663 79856 77 3 0x100092 kqread dhcpleased 75187 73999 79856 77 3 0x100092 kqread dhcpleased 79856 313578 1 0 3 0x80 kqread dhcpleased 55915 61981 0 0 3 0x14200 bored smr 15183 275557 0 0 2 0x14200 zerothread 53091 285386 0 0 3 0x14200 aiodoned aiodoned 42160 245850 0 0 3 0x14200 syncer update 5964 21663 0 0 3 0x14200 cleaner cleaner 81942 403540 0 0 3 0x14200 reaper reaper 20839 363022 0 0 3 0x14200 pgdaemon pagedaemon 52269 44882 0 0 3 0x14200 bored viomb 74842 296754 0 0 3 0x40014200 acpi0 acpi0 4364 285891 0 0 3 0x40014200 idle1 51929 411688 0 0 3 0x14200 bored softnet1 54262 248598 0 0 3 0x14200 bored softnet0 38841 28072 0 0 3 0x14200 bored systqmp 98784 7764 0 0 3 0x14200 bored systq 37400 522370 0 0 3 0x14200 tmoslp softclockmp 10734 127058 0 0 3 0x40014200 tmoslp softclock 86179 145412 0 0 3 0x40014200 idle0 1 351633 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 14461 (syz-executor) thread 0xffff8000fffe74e0 (183487) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838c2830) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 sleep_finish+0x2d8 sys/kern/kern_synch.c:367 #3 rw_do_enter_write+0x1dc sys/kern/kern_rwlock.c:298 #4 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171 #5 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1896 #6 uvm_fault_check+0x38c sys/uvm/uvm_fault.c:699 #7 uvm_fault+0x106 sys/uvm/uvm_fault.c:633 #8 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283 #9 kerntrap+0x19c sys/arch/amd64/amd64/trap.c:510 #10 alltraps_kern_meltdown+0x7b #11 _copyin+0x5b #12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10187 10955K 10973K 166960K 11281 0 pcb 17 12K 12K 166960K 17 0 rtable 215 6K 7K 166960K 355 0 pf 29 16K 16K 166960K 31 0 ifaddr 38 6K 7K 166960K 44 0 ifgroup 46 2K 2K 166960K 50 0 sysctl 3 1K 9K 166960K 7 0 counters 66 36K 36K 166960K 68 0 ioctlops 0 0K 2K 166960K 31 0 iov 0 0K 12K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1335 84K 84K 166960K 1455 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 8 0K 0K 166960K 12 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 24 89K 125K 166960K 288 0 sigio 0 0K 0K 166960K 5 0 proc 58 99K 147K 166960K 502 0 subproc 72 4K 4K 166960K 162 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 28 0 in_multi 88 6K 7K 166960K 103 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 395 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 223 150K 160K 166960K 3928 0 UVM aobj 5 2K 3K 166960K 7 0 pinsyscall 45 90K 112K 166960K 1326 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 8 0 NDP 10 0K 2K 166960K 27 0 temp 35 8670K 8794K 166960K 4354 0 kqueue 13 20K 29K 166960K 49 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 46 0 43 1 0 1 1 0 8 0 rtentry 176 112 0 13 6 0 6 6 0 8 0 unpcb 144 111 0 95 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 81 0 77 4 0 4 4 0 8 3 arp 136 18 0 2 1 0 1 1 0 8 0 inpcb 328 251 0 244 7 0 7 7 0 8 6 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 40 1 0 0 1 0 1 1 0 8 0 nd6 152 25 0 4 1 0 1 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 46 29 0 29 29 0 8 2 art_table 40 454 0 46 5 0 5 5 0 8 0 art_node 32 112 0 22 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1 semapl 112 8 0 3 1 0 1 1 0 8 0 shmpl 112 4 0 2 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1727 0 210 95 0 95 95 0 8 0 ffsino 296 1727 0 210 117 0 117 117 0 8 0 nchpl 144 2062 0 368 64 0 64 64 0 8 0 vnodes 216 1898 0 0 106 0 106 106 0 8 0 namei 1024 6100 0 6100 1 0 1 1 0 8 1 percpumem 16 49 0 1 1 0 1 1 0 8 0 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 6871 0 6871 3 2 1 2 1 8 1 plimitpl 152 68 0 45 2 0 2 2 0 8 1 sigapl 424 548 0 496 7 0 7 7 0 8 1 knotepl 120 122 0 0 4 0 4 4 0 8 0 kqueuepl 224 57 0 48 1 0 1 1 0 8 0 pipepl 344 155 0 128 3 0 3 3 0 8 0 fdescpl 528 532 0 496 4 0 4 4 0 8 1 filepl 160 2168 0 1965 12 0 12 12 0 8 3 lockfpl 104 45 0 43 1 0 1 1 0 8 0 lockfspl 48 18 0 16 1 0 1 1 0 8 0 sessionpl 144 30 0 15 1 0 1 1 0 8 0 pgrppl 48 50 0 27 1 0 1 1 0 8 0 ucredpl 104 219 0 201 1 0 1 1 0 8 0 zombiepl 144 496 0 496 1 0 1 1 0 8 1 processpl 1232 548 0 496 5 0 5 5 0 8 0 procpl 664 739 0 679 6 0 6 6 0 8 1 sosppl 176 3 0 3 1 0 1 1 0 8 1 sockpl 752 410 0 384 10 0 10 10 0 8 7 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 138 0 0 18 0 18 18 0 8 0 mcl2k 2048 33 0 0 5 0 5 5 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 216 0 0 14 0 14 14 0 8 0 bufpl 280 2519 0 115 172 0 172 172 0 8 0 anonpl 32 7285 0 0 59 0 59 59 0 246 0 amapchunkpl 152 11941 0 11467 32 0 32 32 0 158 13 amappl16 200 2547 0 2531 18 4 14 14 0 8 12 amappl15 192 4 0 4 2 2 0 1 0 8 0 amappl14 184 6 0 6 2 1 1 1 0 8 1 amappl13 176 394 0 393 1 0 1 1 0 8 0 amappl12 168 869 0 825 3 0 3 3 0 8 0 amappl11 160 7 0 7 1 1 0 1 0 8 0 amappl10 152 43 0 32 1 0 1 1 0 8 0 amappl9 144 292 0 292 1 1 0 1 0 8 0 amappl8 136 20 0 19 1 0 1 1 0 8 0 amappl7 128 75 0 74 1 0 1 1 0 8 0 amappl6 120 252 0 241 1 0 1 1 0 8 0 amappl5 112 69 0 62 1 0 1 1 0 8 0 amappl4 104 366 0 344 1 0 1 1 0 8 0 amappl3 96 1920 0 1832 3 0 3 3 0 8 0 amappl2 88 703 0 628 2 0 2 2 0 8 0 amappl1 80 9258 0 8689 14 0 14 14 0 8 1 amappl 88 3222 0 3067 5 0 5 5 0 92 0 uvmvnodes 80 102 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 2 1 0 1 1 0 8 0 uaddrrnd 24 532 0 496 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 532 0 496 1 0 1 1 0 8 0 vmmpekpl 168 5981 0 5948 2 0 2 2 0 8 0 vmmpepl 168 41818 0 39825 99 0 99 99 0 357 12 vmsppl 488 531 0 496 7 1 6 6 0 8 1 rwobjpl 80 14770 0 13863 24 0 24 24 0 8 2 pdppl 4096 1071 0 992 109 30 79 97 0 8 0 pvpl 32 14498 0 0 117 0 117 117 0 265 0 pmappl 256 531 0 496 4 1 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 289 0 33 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8380dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838c2628) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838c2628) at __mp_lock+0x192 sys/kern/kern_lock.c:165 syscall(ffff80002a320890) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff80002a320890) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x733e5f4267a0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{1}> trace sys_semop(ffff8000fffe74e0,ffff80002efea6c0,ffff80002efea610) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80002efea6c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002efea6c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x589dcafebf0, count: -3