kernel: protection fault trap, code=0
Stopped at      sys_semop+0x45b:        movzwl  0(%rax),%r15d
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
sys_semop(ffff8000fffeca58,ffff800037280780,ffff8000372806d0) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff800037280780) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff800037280780) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe21e507f090, count: -3
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff8000372806a0
rbx                                0
rdx                                0
rcx               0xffff8000fffeca58
rax               0xdeadbeefdeadbeef
r8                    0x7f7fffffc000
r9                               0x1
r10               0x53e4fe8fd343a61b
r11               0x71a2300d9bbf5519
r12               0xffff8000013e4c04
r13                                0
r14               0xffff800037280780
r15                                0
rip               0xffffffff82afbfbb    sys_semop+0x45b
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff800037280580
ss                              0x10
sys_semop+0x45b:        movzwl  0(%rax),%r15d
ddb{1}> show proc
PROC (syz-executor) tid=211295 pid=45040 tcnt=4 stat=onproc
    flags process=10<SUGID> proc=4000000<THREAD>
    runpri=50, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000fffecf68,0xffff8000fffed488
    process=0xffff8000fffe68d0 user=0xffff80003727b000, vmspace=0xfffffd806a7ab728
    estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 45040   85213  86348  60928  3        0x10  futex         syz-executor
*45040  211295  86348  60928  7   0x4000010                syz-executor
 45040  259762  86348  60928  2   0x4000010                syz-executor
 45040  258645  86348  60928  3   0x4000090  fsleep        syz-executor
 31052  452340  29102      0  3        0x80  fsleep        syz-executor
 31052  208205  29102      0  3   0x4000080  fifor         syz-executor
 83062  162588  15849      0  3        0x80  fsleep        syz-executor
 83062   76471  15849      0  3   0x4000080  fifow         syz-executor
 77815   72790  87261      0  3        0x80  fsleep        syz-executor
 77815  251546  87261      0  3   0x4000080  ttyout        syz-executor
   936   21959  59212      0  3        0x80  fsleep        syz-executor
   936  381987  59212      0  3   0x4000080  fsleep        syz-executor
   936  320161  59212      0  3   0x4000080  kqsel         syz-executor
 99665  147067  84563      0  3         0x2  biowait       syz-executor
 92338  354591      0      0  3     0x14280  nfsidl        nfsio
 84328  446249      0      0  3     0x14280  nfsidl        nfsio
 49657  193203      0      0  3     0x14280  nfsidl        nfsio
  4132  108851      0      0  3     0x14280  nfsidl        nfsio
 39544  200564      0      0  3     0x14280  nfsidl        nfsio
 23232  524166      0      0  3     0x14280  nfsidl        nfsio
  8898    5509      0      0  3     0x14280  nfsidl        nfsio
 48160  145301      0      0  3     0x14280  nfsidl        nfsio
  6356  422218      0      0  3     0x14280  nfsidl        nfsio
 88522   49184      0      0  3     0x14280  nfsidl        nfsio
 97217   37675      0      0  3     0x14280  nfsidl        nfsio
 70877  266391      0      0  3     0x14280  nfsidl        nfsio
 45352  119167      0      0  3     0x14280  nfsidl        nfsio
 28841    6426      0      0  3     0x14280  nfsidl        nfsio
 37570  112141      0      0  3     0x14280  nfsidl        nfsio
 17890  140571      0      0  3     0x14280  nfsidl        nfsio
 59612  173104      0      0  3     0x14280  nfsidl        nfsio
 30411  271509      0      0  3     0x14280  nfsidl        nfsio
 97228  387821      0      0  3     0x14280  nfsidl        nfsio
 94767   76341      0      0  3     0x14280  nfsidl        nfsio
 40874  331569      1      0  3    0x100083  ttyin         getty
 47531  130234      0      0  3     0x14200  acct          acct
 85034  477999  84563      0  3        0x82  wait          syz-executor
 93244  280640      0      0  3     0x14200  bored         sosplice
 15849   60529  84563      0  3        0x82  nanoslp       syz-executor
 82208  384108  84563      0  7         0x2                syz-executor
 29102  138772  84563      0  3        0x82  nanoslp       syz-executor
 86348  197115  84563      0  3        0x82  nanoslp       syz-executor
 59212  305385  84563      0  3        0x82  nanoslp       syz-executor
 87261  176348  84563      0  3        0x82  nanoslp       syz-executor
 84563  479899  47455      0  3        0x82  nanoslp       syz-executor
 47455  264230  79880      0  3    0x10008a  sigsusp       ksh
 79880  308028  65560      0  3        0x98  kqread        sshd-session
 65560  421929  86310      0  3        0x92  kqread        sshd-session
 86310  399980      1      0  3        0x88  kqread        sshd
 98719  494359  43395     74  3   0x1100092  bpf           pflogd
 43395  206396      1      0  3        0x80  sbwait        pflogd
  9045  351880  34301     73  3   0x1100090  kqread        syslogd
 34301  111659      1      0  3    0x100082  sbwait        syslogd
 29592  442045      1      0  3    0x100080  kqread        resolvd
 77575   84980  11154     77  3    0x100092  kqread        dhcpleased
 61870  172998  11154     77  3    0x100092  kqread        dhcpleased
 11154  263421      1      0  3        0x80  kqread        dhcpleased
 47281  382375      0      0  3     0x14200  bored         smr
 84609  456698      0      0  2     0x14200                zerothread
 73432  407635      0      0  3     0x14200  aiodoned      aiodoned
 91615  413658      0      0  3     0x14200  syncer        update
 40985  349279      0      0  3     0x14200  cleaner       cleaner
 57663  466310      0      0  3     0x14200  reaper        reaper
 27602  200507      0      0  3     0x14200  pgdaemon      pagedaemon
 32420  231322      0      0  3     0x14200  bored         viomb
 57358  290443      0      0  3  0x40014200  acpi0         acpi0
 41356  364575      0      0  3  0x40014200                idle1
 83928  371660      0      0  3     0x14200  bored         softnet3
 50153  232674      0      0  3     0x14200  bored         softnet2
 94629  203179      0      0  3     0x14200  bored         softnet1
 36140  326025      0      0  3     0x14200  bored         softnet0
 34087  108476      0      0  3     0x14200  bored         systqmp
 53816  271771      0      0  3     0x14200  bored         systq
 26561  130292      0      0  3     0x14200  tmoslp        softclockmp
 54434   95268      0      0  3  0x40014200  tmoslp        softclock
  2505  446703      0      0  3  0x40014200                idle0
     1  175969      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 45040 (syz-executor) thread 0xffff8000fffeca58 (211295)
Process 45040 (syz-executor) thread 0xffff8000fffed478 (259762)
Process 99665 (syz-executor) thread 0xffff8000ffffd6d8 (147067)
Process 82208 (syz-executor) thread 0xffff80002a0516e0 (384108)
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10230  11132K   11586K 166960K     14393        0
            pcb    18     20K      22K 166960K       397        0
         rtable   203      8K       9K 166960K       668        0
             pf    42     19K      23K 166960K       145        0
         ifaddr    37      6K       8K 166960K       101        0
        ifgroup    51      2K       2K 166960K       165        0
         sysctl     4      1K       1K 166960K         8        0
       counters    62     36K      36K 166960K       132        0
       ioctlops     0      0K       4K 166960K      1718        0
            iov     0      0K      22K 166960K       211        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1616    101K     102K 166960K      3686        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        24        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       223        0
        dirhash    12      2K       3K 166960K        51        0
           ACPI  1690    195K     286K 166960K     12468        0
      file desc    17     61K      93K 166960K      2123        0
          sigio     0      0K       0K 166960K        31        0
           proc    73     91K     128K 166960K       802        0
        subproc   104      6K       6K 166960K       146        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       211        0
       in_multi    84      6K       7K 166960K       209        0
    ether_multi     1      0K       0K 166960K         4        0
            mrt     0      0K       0K 166960K         4        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   265   1182K    1182K 166960K       265        0
           exec     0      0K       1K 166960K       571        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         3        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   235     73K      87K 166960K     21604        0
       UVM aobj    62      7K       7K 166960K        69        0
     pinsyscall    42     84K     104K 166960K      3327        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        84        0
            NDP    11      0K       2K 166960K        70        0
           temp    80   6828K    6905K 166960K     97872        0
         kqueue    14     22K      30K 166960K       328        0
      SYN cache     2     10K      18K 166960K         3        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      209    0      206     2     1     1     2     0     8    0
rtentry    112      207    0      120     4     0     4     4     0     8    0
unpcb      144     1697    0     1676    19    18     1     6     0     8    0
syncache   336       13    0       13     5     5     0     1     0     8    0
tcpqe       32        4    0        4     2     2     0     1     0     8    0
tcpcb      808      760    0      721    27    23     4     8     0     8    0
arp        120       38    0       24     1     0     1     1     0     8    0
inpcb      336     3114    0     3031    51    44     7    19     0     8    0
nd6        136       40    0       16     1     0     1     1     0     8    0
pkpcb       40       12    0       12     7     7     0     1     0     8    0
kcovpl      48       11    0        3     1     0     1     1     0     8    0
ppxss      1168      16    0       16     5     5     0     1     0     8    0
pfstscr     40        2    0        2     2     2     0     1     0     8    0
pffrag     232       12    0        7     1     0     1     1     0   482    0
pffrnode    88       11    0        6     1     0     1     1     0     8    0
pffrent     40       23    0       18     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344       1    0        0     1     0     1     1     0     8    0
pfanchor   1288       2    0        1     2     1     1     1     0     8    0
pftag       88        3    0        0     1     0     1     1     0     8    0
pfstitem    24      170    0       92     1     0     1     1     0     8    0
pfstkey    128      182    0      104     3     0     3     3     0     8    0
pfstate    376      172    0       97     9     0     9     9     0     8    0
pfrule     1344      98    0       89     2     1     1     2     0     8    0
art_heap8  4096       4    0        0     4     0     4     4     0     8    0
art_heap4  256      779    0      423    31     5    26    29     0     8    0
art_table   32      783    0      423     4     0     4     4     0     8    0
art_node    16      197    0      123     1     0     1     1     0     8    0
sysvmsgpl   40       15    0        7     1     0     1     1     0     8    0
semapl     112      218    0      209     1     0     1     1     0     8    0
shmpl      112       66    0        7     2     0     2     2     0     8    0
dirhash    1024      44    0       27     3     0     3     3     0     8    0
dino2pl    256     5215    0     3714    95     0    95    95     0     8    0
ffsino     272     5215    0     3714   101     0   101   101     0     8    0
nchpl      144     8306    0     6612    64     0    64    64     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   29244    0    29243     9     8     1     2     0     8    0
percpumem   16       80    0       35     1     0     1     1     0     8    0
kstatmem   264       92    0       70     2     0     2     2     0     8    0
scsiplug    72        9    0        9     4     3     1     1     0     8    1
scxspl     216    23576    0    23575    14    13     1     8     1     8    0
plimitpl   152      428    0      410     1     0     1     1     0     8    0
sigapl     424     2450    0     2379    10     1     9     9     0     8    0
futexpl     64    38640    0    38633     1     0     1     1     0     8    0
knotepl    120      601    0        0    17     0    17    17     0     8    0
kqueuepl   216      661    0      650     8     7     1     5     0     8    0
pipepl     320      457    0      429    10     7     3     8     0     8    0
fdescpl    496     2409    0     2378     5     0     5     5     0     8    0
filepl     152    17761    0    17434    49    36    13    19     0     8    0
lockfpl    104      757    0      751     2     1     1     2     0     8    0
lockfspl    48      273    0      268     1     0     1     1     0     8    0
sessionpl  144       36    0       27     1     0     1     1     0     8    0
pgrppl      48      115    0       98     1     0     1     1     0     8    0
ucredpl    104     3206    0     3191     1     0     1     1     0     8    0
zombiepl   144     2533    0     2532     3     2     1     1     0     8    0
processpl  1160    2450    0     2379     7     1     6     6     0     8    0
procpl     648     5654    0     5575     8     0     8     8     0     8    0
srpgc       96       13    0       13     5     5     0     1     0     8    0
sosppl     168        9    0        9     3     3     0     1     0     8    0
sockpl     664     5093    0     4986    76    67     9    24     0     8    0
mcl64k     65536      5    0        0     1     0     1     1     0     8    0
mcl16k     16384      3    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       6    0        0     1     0     1     1     0     8    0
mcl4k      4096     140    0        0    18     0    18    18     0     8    0
mcl2k      2048      48    0        0     5     0     5     5     0     8    0
mtagpl      96      116    0        0     3     0     3     3     0     8    0
mbufpl     256      463    0        0    27     0    27    27     0     8    0
bufpl      280     7454    0     1280   442     0   442   442     0     8    0
anonpl      24   364422    0   355897   117    40    77    77     0   185    0
amapchunkpl 152   70742    0    70180    58    33    25    32     0   158    0
amappl16   200     9057    0     8795    81    56    25    25     0     8    0
amappl15   192        8    0        8     1     1     0     1     0     8    0
amappl14   184      162    0      150     1     0     1     1     0     8    0
amappl13   176       10    0        9     1     0     1     1     0     8    0
amappl12   168     3112    0     3082     3     1     2     2     0     8    0
amappl11   160       57    0       43     1     0     1     1     0     8    0
amappl10   152        8    0        8     1     1     0     1     0     8    0
amappl9    144      133    0      133     1     1     0     1     0     8    0
amappl8    136       24    0       21     1     0     1     1     0     8    0
amappl7    128      121    0      108     1     0     1     1     0     8    0
amappl6    120      215    0      213     1     0     1     1     0     8    0
amappl5    112      156    0      144     1     0     1     1     0     8    0
amappl4    104      374    0      355     1     0     1     1     0     8    0
amappl3     96    13084    0    12991     3     0     3     3     0     8    0
amappl2     88     2796    0     2711     3     0     3     3     0     8    0
amappl1     80    16229    0    15667    18     4    14    16     0     8    0
amappl      88    21007    0    20834     5     0     5     5     0    92    0
dma65536   65536      1    0        1     1     1     0     1     0     8    0
dma32768   32768      1    0        1     1     1     0     1     0     8    0
dma8192    8192       1    0        1     1     1     0     1     0     8    0
dma4096    4096       3    0        3     3     3     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        7    0        7     2     2     0     1     0     8    0
dma128     128      254    0      254     2     2     0     1     0     8    0
dma64       64        7    0        7     2     2     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       19    0       18     1     0     1     1     0     8    0
aobjpl      72       68    0        7     2     0     2     2     0     8    0
uaddrrnd    24     2409    0     2378     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2409    0     2378     1     0     1     1     0     8    0
vmmpekpl   168    19835    0    19786     3     0     3     3     0     8    0
vmmpepl    168   154083    0   151997   130    27   103   103     0   357    1
vmsppl     448     2408    0     2378     6     2     4     5     0     8    0
rwobjpl     56    48452    0    41296   106     2   104   104     0     8    0
pdppl      4096    4825    0     4756   131    60    71    85     0     8    2
pvpl        32    19808    0        0   160     0   160   160     0   265    0
pmappl     248     2408    0     2378     3     0     3     3     0     8    0
extentpl    40       55    0       38     1     0     1     1     0     8    0
phpool     112      530    0      160    12     0    12    12     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff834f2ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153
__mp_lock(ffffffff835a0960) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835a0960) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144
intr_handler(ffff80002a1165f0,ffff800000079f80) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff835a0960) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff835a0960) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144
__mp_acquire_count(ffffffff835a0960,1) at __mp_acquire_count+0x58
mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441
yield() at yield+0x6a sys/kern/sched_bsd.c:320
pool_get(ffffffff8355b570,1) at pool_get+0x242 sys/kern/subr_pool.c:589
uvm_mapent_alloc(fffffd806a7abe28,0) at uvm_mapent_alloc+0x35a
uvm_map_mkentry(fffffd806a7abe28,fffffd8079e91610,fffffd8079e91610,f039d8f0000,1000,0,98d89c737e6798da,1000) at uvm_map_mkentry+0x87
uvm_mapent_clone(fffffd806a7abe28,f039d8f0000,1000,0,0,7,3b8114a191e56026,fffffd8074dd1c18,ffff80002a116aa8,fffffd806a7abe28) at uvm_mapent_clone+0xba sys/uvm/uvm_map.c:3549
uvm_mapent_forkcopy(1,fffffd806a7abe28,fffffd806c4b08d8,fffffd8074dd1c18,ffff80002a116aa8) at uvm_mapent_forkcopy+0x6e sys/uvm/uvm_map.c:3641
uvmspace_fork(ffff800029fe9228) at uvmspace_fork+0x2bb sys/uvm/uvm_map.c:3844
process_new(ffff8000fffedc10,ffff800029fe9228,1) at process_new+0x553 sys/kern/kern_fork.c:279
fork1(ffff80002a0516e0,1,ffffffff81c62080,0,ffff80002a116c80,0) at fork1+0x3ea sys/kern/kern_fork.c:405
syscall(ffff80002a116d30) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff80002a116d30) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x746c3e56cf40, count: -21
ddb{0}> machine ddbcpu 1
Stopped at      sys_semop+0x45b:        movzwl  0(%rax),%r15d
ddb{1}> trace
sys_semop(ffff8000fffeca58,ffff800037280780,ffff8000372806d0) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff800037280780) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff800037280780) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe21e507f090, count: -3