kernel: protection fault trap, code=0 Stopped at sys_semop+0x45b: movzwl 0(%rax),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff80003813a028,ffff800035d11630,ffff800035d11580) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff800035d11630) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d11630) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2781c74cb90, count: -3 ddb> show registers rdi 0 rsi 0 rbp 0xffff800035d11550 rbx 0 rdx 0 rcx 0 rax 0xdeadbeefdeadbeef r8 0x7f7fffffc000 r9 0 r10 0x18b822ca3589be03 r11 0xc174c9e47ccbc15 r12 0xffff800001572104 r13 0 r14 0xffff800035d11630 r15 0 rip 0xffffffff8163e87b sys_semop+0x45b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800035d11430 ss 0x10 sys_semop+0x45b: movzwl 0(%rax),%r15d ddb> show proc PROC (syz-executor) tid=18571 pid=84948 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003813b4a8,0xffff80003813aa78 process=0xffff8000ffff5fd0 user=0xffff800035d0c000, vmspace=0xfffffd806c2aa9e8 estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 92886 28938 15688 0 2 0 syz-executor 92886 123760 15688 0 3 0x4000080 fsleep syz-executor 1643 516036 94715 0 2 0 syz-executor 1643 211885 94715 0 3 0x4000080 fsleep syz-executor 19554 65939 47038 0 2 0 syz-executor 84948 394293 60537 0 2 0 syz-executor *84948 18571 60537 0 7 0x4000000 syz-executor 84948 15936 60537 0 3 0x4000080 fsleep syz-executor 38331 138123 41160 0 2 0 syz-executor 38331 455051 41160 0 3 0x4000080 fsleep syz-executor 32582 479019 77412 0 3 0 vmmaplk syz-executor 32582 213565 77412 0 2 0x4000000 syz-executor 32582 440921 77412 0 3 0x4000000 vmmaplk syz-executor 94715 104558 75750 0 3 0x82 nanoslp syz-executor 15688 149606 75750 0 3 0x82 nanoslp syz-executor 18825 454430 0 0 3 0x14200 bored sosplice 77412 60376 75750 0 3 0x82 nanoslp syz-executor 41160 524218 75750 0 3 0x82 nanoslp syz-executor 60537 63513 75750 0 3 0x82 nanoslp syz-executor 99278 112541 75750 0 3 0x82 nanoslp syz-executor 47038 106629 75750 0 3 0x82 nanoslp syz-executor 93848 253622 75750 0 3 0x82 wait syz-executor 75750 106135 2279 0 3 0x82 kqread syz-executor 2279 350732 79388 0 3 0x10008a sigsusp ksh 79388 231914 75604 0 3 0x98 kqread sshd-session 75604 402761 39645 0 3 0x92 kqread sshd-session 90694 435615 1 0 3 0x100083 ttyin getty 39645 75502 1 0 3 0x88 kqread sshd 13198 426562 90551 73 3 0x1100090 kqread syslogd 90551 36105 1 0 3 0x100082 sbwait syslogd 14426 184944 1 0 3 0x100080 kqread resolvd 56151 357180 13088 77 3 0x100092 kqread dhcpleased 60777 305382 13088 77 3 0x100092 kqread dhcpleased 13088 24666 1 0 3 0x80 kqread dhcpleased 49929 278442 0 0 3 0x14200 bored smr 41035 187912 0 0 2 0x14200 zerothread 68152 285556 0 0 3 0x14200 aiodoned aiodoned 59251 207665 0 0 3 0x14200 syncer update 22080 381169 0 0 3 0x14200 cleaner cleaner 98515 251221 0 0 3 0x14200 reaper reaper 151 65502 0 0 3 0x14200 pgdaemon pagedaemon 77508 14930 0 0 3 0x14200 bored viomb 55643 519415 0 0 3 0x40014200 acpi0 acpi0 50467 349169 0 0 3 0x14200 bored softnet3 6318 501394 0 0 3 0x14200 bored softnet2 5351 257559 0 0 3 0x14200 bored softnet1 46496 381634 0 0 3 0x14200 bored softnet0 95619 14755 0 0 3 0x14200 bored systqmp 25647 238630 0 0 3 0x14200 bored systq 70960 288707 0 0 3 0x40014200 tmoslp softclock 3125 189923 0 0 3 0x40014200 idle0 1 39905 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 11067K 11725K 166960K 13752 0 pcb 18 16K 17K 166960K 332 0 rtable 206 9K 10K 166960K 862 0 pf 35 14K 20K 166960K 170 0 ifaddr 35 6K 8K 166960K 92 0 ifgroup 50 2K 2K 166960K 136 0 sysctl 4 1K 9K 166960K 12 0 counters 32 17K 18K 166960K 81 0 ioctlops 0 0K 4K 166960K 224 0 iov 1 2K 21K 166960K 58 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1466 92K 93K 166960K 2740 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 119 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1203 0 sigio 0 0K 0K 166960K 22 0 proc 60 59K 124K 166960K 645 0 subproc 72 4K 4K 166960K 91 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 156 0 in_multi 74 5K 7K 166960K 168 0 ether_multi 1 0K 0K 166960K 8 0 mrt 2 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 475 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 238 151K 169K 166960K 11586 0 UVM aobj 28 2K 4K 166960K 37 0 pinsyscall 39 78K 96K 166960K 2279 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 120 0 NDP 11 0K 2K 166960K 61 0 temp 130 8675K 8799K 166960K 40380 0 kqueue 13 20K 30K 166960K 188 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 169 0 166 3 2 1 3 0 8 0 rtentry 136 269 0 192 4 0 4 4 0 8 0 unpcb 144 1237 0 1188 7 5 2 6 0 8 0 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 2 0 2 2 1 1 1 0 8 1 tcpcb 736 407 0 399 10 6 4 10 0 8 2 arp 88 25 0 12 1 0 1 1 0 8 0 ipq 40 5 0 2 1 0 1 1 0 8 0 ipqe 40 8 0 5 1 0 1 1 0 8 0 inpcb 328 1213 0 1200 12 5 7 10 0 8 3 ip6q 72 11 0 2 1 0 1 1 0 8 0 ip6af 40 15 0 5 1 0 1 1 0 8 0 nd6 104 41 0 22 1 0 1 1 0 8 0 pkpcb 40 6 0 5 2 1 1 1 0 8 0 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 38 0 38 2 1 1 1 0 8 1 pppxif 1384 6 0 6 1 1 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pfstitem 24 5 0 0 1 0 1 1 0 8 0 pfstkey 128 11 0 7 1 0 1 1 0 8 0 pfstate 384 6 0 3 1 0 1 1 0 8 0 pfrule 1344 8 0 7 1 0 1 1 0 8 0 rttmr 136 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 926 0 589 43 18 25 43 0 8 1 art_table 40 929 0 589 7 2 5 7 0 8 0 art_node 32 267 0 198 2 0 2 2 0 8 0 sysvmsgpl 40 14 0 7 1 0 1 1 0 8 0 semapl 112 114 0 105 1 0 1 1 0 8 0 shmpl 112 34 0 9 1 0 1 1 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 3543 0 2047 95 0 95 95 0 8 0 ffsino 248 3543 0 2047 95 0 95 95 0 8 0 nchpl 144 5153 0 3469 63 0 63 63 0 8 0 rtmask 32 10 0 10 2 1 1 1 0 8 1 uvmvnodes 80 4562 0 0 94 0 94 94 0 8 0 vnodes 216 4562 0 0 254 0 254 254 0 8 0 namei 1024 19060 0 19060 2 1 1 2 0 8 1 kstatmem 264 80 0 58 2 0 2 2 0 8 0 scsiplug 72 6 0 6 1 1 0 1 0 8 0 scxspl 216 23605 0 23605 8 7 1 8 1 8 1 plimitpl 152 370 0 353 1 0 1 1 0 8 0 sigapl 424 1457 0 1410 7 1 6 7 0 8 0 knotepl 120 146611 0 146564 30 21 9 17 0 8 5 kqueuepl 184 376 0 367 3 2 1 3 0 8 0 pipepl 296 276 0 249 8 5 3 8 0 8 0 fdescpl 440 1435 0 1405 5 1 4 5 0 8 0 filepl 120 10291 0 10034 20 7 13 17 0 8 5 lockfpl 104 943 0 940 2 1 1 2 0 8 0 lockfspl 48 440 0 437 1 0 1 1 0 8 0 sessionpl 144 28 0 20 1 0 1 1 0 8 0 pgrppl 48 126 0 110 1 0 1 1 0 8 0 ucredpl 104 1558 0 1546 1 0 1 1 0 8 0 zombiepl 144 1447 0 1445 1 0 1 1 0 8 0 processpl 1160 1457 0 1410 4 0 4 4 0 8 0 procpl 656 3008 0 2954 6 0 6 6 0 8 1 sosppl 168 8 0 8 2 1 1 1 0 8 1 sockpl 528 2662 0 2596 24 17 7 16 0 8 2 mcl64k 65536 55 0 55 2 1 1 1 0 8 1 mcl16k 16384 6 0 6 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 3799 0 3748 14 7 7 14 0 8 0 mcl2k2 2112 3 0 3 1 1 0 1 0 8 0 mcl2k 2048 1911 0 1888 6 2 4 6 0 8 0 mtagpl 96 47 0 15 1 0 1 1 0 8 0 mbufpl 256 16603 0 16388 61 41 20 46 0 8 2 bufpl 280 9394 0 3167 445 0 445 445 0 8 0 anonpl 24 225939 0 216450 60 0 60 60 0 187 2 amapchunkpl 152 39881 0 39249 37 12 25 36 0 158 0 amappl16 200 4907 0 4625 41 22 19 19 0 8 4 amappl15 192 4 0 3 1 0 1 1 0 8 0 amappl14 184 115 0 105 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 2094 0 2064 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 7 0 6 1 0 1 1 0 8 0 amappl9 144 255 0 255 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 103 0 93 1 0 1 1 0 8 0 amappl6 120 189 0 186 1 0 1 1 0 8 0 amappl5 112 117 0 110 1 0 1 1 0 8 0 amappl4 104 315 0 298 1 0 1 1 0 8 0 amappl3 96 7902 0 7792 4 0 4 4 0 8 0 amappl2 88 678 0 622 2 0 2 2 0 8 0 amappl1 80 13580 0 13031 15 1 14 14 0 8 0 amappl 88 10650 0 10476 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 8 0 8 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 36 0 9 1 0 1 1 0 8 0 uaddrrnd 24 1435 0 1405 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1435 0 1405 1 0 1 1 0 8 0 vmmpekpl 168 12763 0 12713 3 0 3 3 0 8 0 vmmpepl 168 95528 0 93345 99 1 98 99 0 357 3 vmsppl 360 1434 0 1405 4 1 3 4 0 8 0 rwobjpl 32 30900 0 25195 47 0 47 47 0 8 0 pdppl 4096 2876 0 2810 114 46 68 82 0 8 2 pvpl 32 636746 0 621745 147 10 137 137 0 265 11 pmappl 216 1434 0 1405 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 362 0 128 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff80003813a028,ffff800035d11630,ffff800035d11580) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff800035d11630) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d11630) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2781c74cb90, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff80003813a028,ffff800035d11630,ffff800035d11580) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff800035d11630) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800035d11630) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2781c74cb90, count: -3