kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_semop(ffff8000357eafb8,ffff80003c41a350,ffff80003c41a2a0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003c41a350) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c41a350) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe070d71b0e0, count: -3 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c41a270 rbx 0xdeaf4152deaf4152 rdx 0 rcx 0xffff8000357eafb8 rax 0xdeaf4152deaf4152 r8 0x7f7fffffc000 r9 0 r10 0xd25146ce38d17dc2 r11 0x4116d379c4cd128f r12 0 r13 0xfffffd806c053ee0 r14 0xffff80003c41a350 r15 0 rip 0xffffffff83025ab5 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c41a180 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb{0}> show proc PROC (syz-executor) tid=153137 pid=57132 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000357ea028,0xffff80002a2714e8 process=0xffff80003b4079e8 user=0xffff80003c415000, vmspace=0xfffffd806da655e0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 57132 125145 38665 0 7 0 syz-executor *57132 153137 38665 0 7 0x4000000 syz-executor 57132 107866 38665 0 2 0x4000080 syz-executor 88869 368752 74222 0 3 0x82 sysctllk sshd-session 51776 162832 87729 0 3 0x80 nanoslp syz-executor 51776 421393 87729 0 3 0x4000080 sbwait syz-executor 51776 5492 87729 0 3 0x4000080 fsleep syz-executor 52740 8787 74222 0 3 0x82 sysctllk sshd-session 66048 229106 64457 0 3 0x80 nanoslp syz-executor 66048 155094 64457 0 3 0x4000080 sbwait syz-executor 65344 502813 20857 0 3 0x80 nanoslp syz-executor 65344 245466 20857 0 3 0x4000080 sysctllk 
syz-executor 18380 417199 25756 0 3 0x80 nanoslp syz-executor 18380 424570 25756 0 3 0x4000080 kqsel syz-executor 18380 92158 25756 0 3 0x4000080 fsleep syz-executor 18380 78710 25756 0 3 0x4000080 fsleep syz-executor 20942 240719 44528 0 3 0x80 nanoslp syz-executor 20942 506285 44528 0 3 0x4000080 sysctllk syz-executor 20942 138605 44528 0 3 0x4000080 sysctllk syz-executor 86781 461566 39762 0 3 0x80 nanoslp syz-executor 86781 250306 39762 0 3 0x4000080 sysctllk syz-executor 86781 462973 39762 0 3 0x4000080 fsleep syz-executor 70592 143564 0 0 3 0x14200 acct acct 80269 343463 42700 0 3 0 vmmapbsy syz-executor 80269 147939 42700 0 3 0x4000000 vmmapbsy syz-executor 80269 186989 42700 0 3 0x4000000 fltagain2 syz-executor 43039 219222 0 0 3 0x14200 bored sosplice 20857 223787 70955 0 3 0x82 nanoslp syz-executor 38665 308122 70955 0 3 0x82 nanoslp syz-executor 64457 394323 70955 0 3 0x82 nanoslp syz-executor 44528 413298 70955 0 3 0x82 nanoslp syz-executor 25756 281738 70955 0 3 0x82 nanoslp syz-executor 39762 192882 70955 0 3 0x82 nanoslp syz-executor 87729 419179 70955 0 3 0x82 nanoslp syz-executor 42700 384999 70955 0 3 0x82 wait syz-executor 70955 342287 71042 0 3 0x82 kqread syz-executor 71042 361702 6528 0 3 0x10008a sigsusp ksh 6528 510488 2025 0 3 0x98 kqread sshd-session 2025 131279 74222 0 3 0x92 kqread sshd-session 31349 203596 1 0 3 0x100083 ttyopn getty 74222 331217 1 0 3 0x88 kqread sshd 48917 164285 52810 74 3 0x1100092 bpf pflogd 52810 330922 1 0 3 0x80 sbwait pflogd 61186 28527 36717 73 3 0x1100090 kqread syslogd 36717 447551 1 0 3 0x100082 sbwait syslogd 94093 457222 1 0 3 0x100080 kqread resolvd 38494 201904 43330 77 3 0x100092 kqread dhcpleased 40494 46684 43330 77 3 0x100092 kqread dhcpleased 43330 466186 1 0 3 0x80 kqread dhcpleased 2659 259656 0 0 3 0x14200 bored smr 95192 405569 0 0 3 0x14200 pgzero zerothread 16634 184292 0 0 3 0x14200 aiodoned aiodoned 36659 247218 0 0 3 0x14200 syncer update 32941 383327 0 0 3 0x14200 cleaner cleaner 77878 
433313 0 0 3 0x14200 reaper reaper 6367 144666 0 0 3 0x14200 pgdaemon pagedaemon 34143 324250 0 0 3 0x14200 bored viomb 36388 477876 0 0 3 0x40014200 acpi0 acpi0 28290 268735 0 0 3 0x40014200 idle1 57634 80571 0 0 3 0x14200 bored softnet1 34270 299476 0 0 3 0x14200 bored softnet0 83495 484768 0 0 3 0x14200 smrbar systqmp 76235 127510 0 0 3 0x14200 bored systq 87339 158148 0 0 3 0x14200 tmoslp softclockmp 35324 304249 0 0 3 0x40014200 tmoslp softclock 66188 249777 0 0 3 0x40014200 idle0 1 198625 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 57132 (syz-executor) thread 0xffff8000357eafb8 (153137) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839d3030) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 pool_get+0x27e sys/kern/subr_pool.c:591 #3 _rw_obj_alloc_flags+0x4d sys/kern/kern_rwlock.c:713 #4 amap_alloc+0xd6 sys/uvm/uvm_amap.c:-1 #5 amap_copy+0x6ac sys/uvm/uvm_amap.c:569 #6 uvm_fault_check+0x483 sys/uvm/uvm_fault.c:753 #7 uvm_fault+0x106 sys/uvm/uvm_fault.c:633 #8 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283 #9 kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 #10 alltraps_kern_meltdown+0x7b #11 _copyin+0x5b #12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 #13 Xsyscall+0x128 Process 80269 (syz-executor) thread 0xffff80002a270d10 (147939) exclusive rrwlock inode r = 0 (0xfffffd8068fb2a20) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 
syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #9 Xsyscall+0x128 Process 80269 (syz-executor) thread 0xffff80002a270548 (186989) exclusive rwlock sysctllk r = 0 (0xffffffff83857158) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:191 #3 kern_sysctl+0xd17 sys/kern/kern_sysctl.c:726 #4 sys_sysctl+0x3e5 sys/kern/kern_sysctl.c:-1 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 #6 Xsyscall+0x128 Process 83495 (systqmp) thread 0xffff8000ffffe000 (484768) shared rwlock systqmp r = 0 (0xffffffff83867e18) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10195 11025K 11177K 166960K 11418 0 pcb 17 12K 12K 166960K 57 0 rtable 244 9K 9K 166960K 427 0 pf 39 18K 22K 166960K 64 0 ifaddr 44 7K 8K 166960K 57 0 ifgroup 55 2K 2K 166960K 71 0 sysctl 1 1K 9K 166960K 6 0 counters 68 36K 37K 166960K 80 0 ioctlops 0 0K 4K 166960K 1517 0 iov 0 0K 16K 166960K 45 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1375 86K 87K 166960K 1562 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 11 0K 0K 166960K 20 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 312 0 sigio 0 0K 0K 166960K 10 0 proc 72 115K 164K 166960K 547 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 29 0 in_multi 99 7K 7K 166960K 117 0 ether_multi 1 0K 0K 166960K 5 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 
1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 402 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 272 153K 166K 166960K 4871 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 47 94K 105K 166960K 1466 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 16 0 NDP 12 0K 1K 166960K 32 0 temp 43 8647K 8718K 166960K 10460 0 kqueue 13 20K 26K 166960K 56 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 84 0 81 2 0 2 2 0 8 1 rtentry 176 127 0 22 6 0 6 6 0 8 0 unpcb 144 162 0 141 2 1 1 2 0 8 0 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpcb 736 61 0 52 1 0 1 1 0 8 0 arp 136 20 0 1 1 0 1 1 0 8 0 inpcb 328 397 0 384 7 0 7 7 0 8 5 nd6 152 26 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1192 3 0 3 1 0 1 1 0 8 1 pppxif 1504 1 0 1 1 0 1 1 0 8 1 pffrag 232 2 0 0 1 0 1 1 0 482 0 pffrnode 88 2 0 0 1 0 1 1 0 8 0 pffrent 40 2 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 1 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 32 0 1 1 0 1 1 0 8 0 pfstkey 128 32 0 1 2 0 2 2 0 8 0 pfstate 384 32 0 1 4 0 4 4 0 8 0 pfrule 1344 25 0 17 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 569 0 128 31 0 31 31 0 8 3 art_table 40 572 0 128 5 0 5 5 0 8 0 art_node 32 127 0 32 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 0 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 16 0 8 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 1956 0 442 96 0 96 96 0 8 0 ffsino 296 1956 0 442 118 0 118 118 0 8 0 nchpl 144 2420 0 721 64 0 64 64 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 vnodes 216 2137 0 0 119 0 119 119 0 8 0 namei 1024 7555 0 7555 4 1 3 3 0 8 3 percpumem 16 55 0 6 1 0 1 1 0 8 0 
kstatmem 264 34 0 8 2 0 2 2 0 8 0 scxspl 216 10366 0 10366 10 4 6 8 1 8 6 plimitpl 152 57 0 39 1 0 1 1 0 8 0 sigapl 424 630 0 578 7 1 6 7 0 8 0 knotepl 120 307 0 0 10 0 10 10 0 8 0 kqueuepl 224 80 0 70 1 0 1 1 0 8 0 pipepl 344 130 0 103 3 0 3 3 0 8 0 fdescpl 528 612 0 578 3 0 3 3 0 8 0 filepl 160 3062 0 2831 13 0 13 13 0 8 2 lockfpl 104 95 0 93 1 0 1 1 0 8 0 lockfspl 48 31 0 29 1 0 1 1 0 8 0 sessionpl 144 24 0 13 1 0 1 1 0 8 0 pgrppl 48 32 0 13 1 0 1 1 0 8 0 ucredpl 104 381 0 368 1 0 1 1 0 8 0 zombiepl 144 713 0 713 1 0 1 1 0 8 1 processpl 1232 630 0 578 6 1 5 5 0 8 0 procpl 664 993 0 926 8 1 7 7 0 8 1 sosppl 168 3 0 3 1 0 1 1 0 8 1 sockpl 752 656 0 619 12 0 12 12 0 8 7 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 110 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 36 0 0 5 0 5 5 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 217 0 0 14 0 14 14 0 8 0 bufpl 280 3886 0 133 269 0 269 269 0 8 0 anonpl 32 7923 0 0 64 0 64 64 0 246 0 amapchunkpl 152 15029 0 14488 30 0 30 30 0 158 8 amappl16 200 2631 0 2583 22 9 13 16 0 8 8 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 20 0 20 3 2 1 1 0 8 1 amappl13 176 436 0 435 1 0 1 1 0 8 0 amappl12 168 983 0 938 3 0 3 3 0 8 0 amappl11 160 10 0 10 1 1 0 1 0 8 0 amappl10 152 46 0 32 1 0 1 1 0 8 0 amappl9 144 254 0 254 1 1 0 1 0 8 0 amappl8 136 41 0 39 1 0 1 1 0 8 0 amappl7 128 83 0 82 1 0 1 1 0 8 0 amappl6 120 282 0 266 1 0 1 1 0 8 0 amappl5 112 80 0 68 1 0 1 1 0 8 0 amappl4 104 428 0 396 1 0 1 1 0 8 0 amappl3 96 2408 0 2307 4 1 3 3 0 8 0 amappl2 88 731 0 645 2 0 2 2 0 8 0 amappl1 80 10130 0 9470 17 2 15 15 0 8 0 amappl 88 4096 0 3915 5 0 5 5 0 92 0 uvmvnodes 80 2137 0 0 44 0 44 44 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 612 0 578 1 0 
1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 612 0 578 1 0 1 1 0 8 0 vmmpekpl 168 6840 0 6803 3 0 3 3 0 8 0 vmmpepl 168 47504 0 45359 103 3 100 100 0 357 5 vmsppl 488 611 0 578 6 1 5 5 0 8 0 rwobjpl 80 18493 0 15312 69 2 67 67 0 8 0 pdppl 4096 1231 0 1156 107 32 75 83 0 8 0 pvpl 32 15112 0 0 122 0 122 122 0 265 0 pmappl 256 611 0 578 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 289 0 36 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_semop(ffff8000357eafb8,ffff80003c41a350,ffff80003c41a2a0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003c41a350) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c41a350) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe070d71b0e0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7aae039b8170, count: -3