kernel: protection fault trap, code=0 Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff800035cd14a8,ffff8000348c8b10,ffff8000348c8a60) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff8000348c8b10) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff8000348c8b10) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95de7cc61d0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff8000348c8a30 rbx 0 rdx 0 rcx 0xffff800035cd14a8 rax 0xdeafbeaddeafc1ad r8 0x7f7fffffc000 r9 0 r10 0x90f4ef34995d835d r11 0xeb15053214209b88 r12 0xffff800001485204 r13 0 r14 0xffff8000348c8b10 r15 0 rip 0xffffffff8168121b sys_semop+0x45b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000348c8910 ss 0x10 sys_semop+0x45b: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=257003 pid=9552 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=76, usrpri=76, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800035cd0028,0xffff800035cd0a78 process=0xffff80003c4ff4b0 user=0xffff8000348c3000, vmspace=0xfffffd806be93ac8 estcpu=26, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 9552 116477 11081 0 2 0 syz-executor * 9552 257003 11081 0 7 0x4000000 syz-executor 9552 43213 11081 0 2 0x4000000 syz-executor 9552 107014 11081 0 3 0x4000080 fsleep syz-executor 94937 219650 9508 0 7 0 syz-executor 94937 256266 9508 0 2 0x4000000 syz-executor 94937 404726 9508 0 3 0x4000080 fsleep syz-executor 2445 50 78236 0 3 0x80 nanoslp syz-executor 2445 172107 78236 0 2 0x4000000 syz-executor 2445 290442 78236 0 2 0x4000000 syz-executor 88216 402058 33368 0 2 0 syz-executor 88216 339508 33368 0 3 0x4000080 ttyout syz-executor 88216 161534 33368 0 2 0x4000000 syz-executor 88216 350983 33368 0 3 0x4000080 fsleep syz-executor 8391 130261 75802 0 2 0x1000000 syz-executor 8391 256798 75802 0 3 0x5000080 fsleep syz-executor 8391 354711 75802 0 2 0x5000000 syz-executor 32439 446720 68073 0 2 0 syz-executor 32439 501464 68073 0 2 0x4000000 syz-executor 32439 103398 68073 0 2 0x4000000 syz-executor 32439 150747 68073 0 3 0x4000080 fsleep syz-executor 38613 30884 51409 0 3 0x3000 suspend syz-executor 38613 469153 51409 0 2 0x4081000 syz-executor 22997 375385 0 0 3 0x14200 bored sosplice 33368 289952 30255 0 3 0x82 nanoslp syz-executor 11081 446589 30255 0 3 0x82 nanoslp syz-executor 9508 449782 30255 0 3 0x82 nanoslp syz-executor 51409 219981 30255 0 3 0x82 nanoslp syz-executor 75802 82633 30255 0 3 0x82 nanoslp syz-executor 68073 284870 30255 0 3 0x82 nanoslp syz-executor 23280 144412 30255 0 2 0x82 syz-executor 78236 496626 30255 0 3 0x82 nanoslp syz-executor 30255 523223 49160 0 3 0x82 kqread syz-executor 49160 106997 15198 0 3 0x10008a sigsusp ksh 15198 75966 57912 0 3 0x98 kqread sshd-session 57912 65547 68484 0 3 0x92 kqread sshd-session 28942 458963 1 0 3 0x100083 ttyin getty 68484 495309 1 0 3 0x88 kqread sshd 19994 99721 49909 74 3 0x1100092 bpf pflogd 49909 180783 1 0 3 0x80 sbwait pflogd 27738 491210 89548 73 3 0x1100090 kqread syslogd 89548 456859 1 0 3 0x100082 sbwait syslogd 59285 438138 1 0 3 0x100080 kqread resolvd 48673 434241 81207 77 3 0x100092 kqread dhcpleased 45021 251757 81207 77 3 0x100092 kqread dhcpleased 81207 163688 1 0 3 0x80 kqread dhcpleased 4592 306862 0 0 3 0x14200 bored smr 35884 169924 0 0 2 0x14200 zerothread 60056 106602 0 0 3 0x14200 aiodoned aiodoned 13816 417533 0 0 3 0x14200 syncer update 3594 262125 0 0 3 0x14200 cleaner cleaner 56022 238430 0 0 3 0x14200 reaper reaper 48362 305682 0 0 3 0x14200 pgdaemon pagedaemon 38355 176716 0 0 3 0x14200 bored viomb 75072 143087 0 0 3 0x40014200 acpi0 acpi0 80028 347937 0 0 3 0x40014200 idle1 29371 119679 0 0 3 0x14200 bored softnet3 81231 403103 0 0 3 0x14200 bored softnet2 19882 242406 0 0 3 0x14200 bored softnet1 12856 317913 0 0 3 0x14200 bored softnet0 25952 242039 0 0 3 0x14200 bored systqmp 20911 2011 0 0 3 0x14200 bored systq 43168 431868 0 0 3 0x14200 tmoslp softclockmp 14565 22455 0 0 3 0x40014200 tmoslp softclock 27445 129151 0 0 3 0x40014200 idle0 1 483162 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 9552 (syz-executor) thread 0xffff800035cd14a8 (257003) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8398e998) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441 #3 yield+0x6a sys/kern/sched_bsd.c:320 #4 malloc+0xe5 sys/kern/kern_malloc.c:174 #5 sys_semop+0x234 sys/kern/sysv_sem.c:564 #6 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 Process 9552 (syz-executor) thread 0xffff800035cd02b8 (43213) exclusive rwlock futex r = 0 (0xffffffff837cca28) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 sys_futex+0x69 sys/kern/sys_futex.c:98 #3 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #4 Xsyscall+0x128 Process 2445 (syz-executor) thread 0xffff800035cd1c58 (172107) exclusive rwlock vmmaplk r = 0 (0xfffffd806eb719f0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250 #3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1858 #4 uvm_fault_check+0x987 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline] #4 uvm_fault_check+0x987 sys/uvm/uvm_fault.c:774 #5 uvm_fault+0x106 sys/uvm/uvm_fault.c:668 #6 kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 #7 kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 #8 alltraps_kern_meltdown+0x7b #9 copyout+0x57 #10 mmrw+0x3de #11 spec_read+0x155 sys/kern/spec_vnops.c:215 #12 VOP_READ+0x102 sys/kern/vfs_vops.c:227 #13 vn_read+0x17b sys/kern/vfs_vnops.c:369 #14 dofilereadv+0x230 sys/kern/sys_generic.c:252 #15 sys_preadv+0xe3 sys/kern/vfs_syscalls.c:3334 #16 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #16 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #17 Xsyscall+0x128 Process 38613 (syz-executor) thread 0xffff8000ffff82b0 (469153) exclusive rwlock vmmaplk r = 0 (0xfffffd806be932e0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250 #3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1858 #4 uvm_fault_check+0x987 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline] #4 uvm_fault_check+0x987 sys/uvm/uvm_fault.c:774 #5 uvm_fault+0x106 sys/uvm/uvm_fault.c:668 #6 kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279 #7 kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 #8 alltraps_kern_meltdown+0x7b #9 _copyin+0x57 #10 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 11151K 11283K 166960K 11640 0 pcb 17 12K 12K 166960K 39 0 rtable 152 5K 6K 166960K 378 0 pf 34 17K 19K 166960K 54 0 ifaddr 34 5K 7K 166960K 50 0 ifgroup 55 2K 2K 166960K 66 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 70 0 ioctlops 0 0K 4K 166960K 1489 0 iov 1 2K 16K 166960K 6 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1337 84K 84K 166960K 1424 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 8 0K 0K 166960K 10 0 dirhash 12 2K 3K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 234 0 sigio 0 0K 0K 166960K 4 0 proc 71 91K 115K 166960K 534 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 9 0 in_multi 66 4K 7K 166960K 105 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 49 228K 228K 166960K 49 0 exec 0 0K 1K 166960K 375 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 73K 76K 166960K 3732 0 UVM aobj 76 3K 3K 166960K 76 0 pinsyscall 42 84K 103K 166960K 1312 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 2 0 NDP 12 0K 2K 166960K 31 0 temp 40 8635K 8699K 166960K 4354 0 kqueue 14 22K 24K 166960K 35 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 44 0 41 1 0 1 1 0 8 0 rtentry 112 112 0 46 4 0 4 4 0 8 0 unpcb 144 73 0 50 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 32 0 28 1 0 1 1 0 8 0 arp 120 18 0 6 1 0 1 1 0 8 0 inpcb 376 218 0 210 8 6 2 8 0 8 1 nd6 136 24 0 9 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1168 1 0 1 1 0 1 1 0 8 1 pffrag 232 2 0 1 1 0 1 1 0 482 0 pffrnode 88 2 0 1 1 0 1 1 0 8 0 pffrent 40 3 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 27 0 0 1 0 1 1 0 8 0 pfstkey 128 27 0 0 1 0 1 1 0 8 0 pfstate 376 27 0 0 3 0 3 3 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 483 0 204 29 2 27 29 0 8 2 art_table 32 484 0 204 4 0 4 4 0 8 0 art_node 16 111 0 52 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semapl 112 6 0 1 1 0 1 1 0 8 0 shmpl 112 73 0 0 3 0 3 3 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 1727 0 219 95 0 95 95 0 8 0 ffsino 280 1727 0 219 109 0 109 109 0 8 0 nchpl 144 2050 0 363 63 0 63 63 0 8 0 uvmvnodes 80 1854 0 0 38 0 38 38 0 8 0 vnodes 216 1854 0 0 103 0 103 103 0 8 0 namei 1024 6565 0 6565 3 1 2 2 0 8 2 percpumem 16 49 0 3 1 0 1 1 0 8 0 kstatmem 264 30 0 6 2 0 2 2 0 8 0 scxspl 216 6761 0 6761 3 2 1 2 1 8 1 plimitpl 152 32 0 15 1 0 1 1 0 8 0 sigapl 424 533 0 482 7 1 6 7 0 8 0 futexpl 64 1576 0 1570 1 0 1 1 0 8 0 knotepl 120 286 0 0 9 0 9 9 0 8 0 kqueuepl 216 104 0 93 5 4 1 5 0 8 0 pipepl 328 114 0 87 3 0 3 3 0 8 0 fdescpl 504 514 0 483 5 0 5 5 0 8 0 filepl 152 2282 0 2053 12 2 10 12 0 8 1 lockfpl 104 31 0 29 1 0 1 1 0 8 0 lockfspl 48 13 0 11 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 34 0 17 1 0 1 1 0 8 0 ucredpl 104 134 0 121 1 0 1 1 0 8 0 zombiepl 144 498 0 496 1 0 1 1 0 8 0 processpl 1168 533 0 482 5 1 4 5 0 8 0 procpl 656 729 0 662 6 0 6 6 0 8 0 srpgc 96 6 0 6 2 1 1 1 0 8 1 sockpl 688 338 0 303 9 5 4 9 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k 2048 18 0 0 3 0 3 3 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 137 0 0 9 0 9 9 0 8 0 bufpl 280 2611 0 131 178 0 178 178 0 8 0 anonpl 24 111066 0 104320 42 1 41 41 0 184 0 amapchunkpl 152 11430 0 10871 23 0 23 23 0 158 0 amappl16 200 2315 0 2099 13 1 12 12 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 107 0 95 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 2 0 1 0 8 0 amappl12 168 1161 0 1129 4 2 2 3 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 9 0 8 1 0 1 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 113 0 101 1 0 1 1 0 8 0 amappl6 120 184 0 181 1 0 1 1 0 8 0 amappl5 112 139 0 129 1 0 1 1 0 8 0 amappl4 104 311 0 293 1 0 1 1 0 8 0 amappl3 96 1928 0 1805 4 0 4 4 0 8 0 amappl2 88 634 0 570 2 0 2 2 0 8 0 amappl1 80 8068 0 7494 13 1 12 13 0 8 0 amappl 88 3355 0 3168 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 75 0 0 2 0 2 2 0 8 0 uaddrrnd 24 514 0 483 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 514 0 483 1 0 1 1 0 8 0 vmmpekpl 168 5955 0 5920 2 0 2 2 0 8 0 vmmpepl 168 38370 0 36292 93 0 93 93 0 357 0 vmsppl 456 513 0 483 5 1 4 5 0 8 0 rwobjpl 64 15927 0 12855 50 0 50 50 0 8 0 pdppl 4096 1036 0 966 100 28 72 86 0 8 2 pvpl 32 14938 0 0 123 2 121 121 0 265 0 pmappl 248 513 0 483 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 275 0 35 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff800035cd14a8,ffff8000348c8b10,ffff8000348c8a60) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff8000348c8b10) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff8000348c8b10) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95de7cc61d0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x6f826f26a220, count: -3