kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff80002a883cc0,ffff80003ca095e0,ffff80003ca09530) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003ca095e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca095e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x828595f93b0, count: -3 ddb> show registers rdi 0 rsi 0 rbp 0xffff80003ca09510 rbx 0xdeafbeaddeafbead rdx 0 rcx 0 rax 0xdeafbeaddeafbead r8 0x7f7fffffc000 r9 0x1 r10 0xc168f807df69a784 r11 0xa6290d5d8454153b r12 0 r13 0xfffffd800a24dc40 r14 0xffff80003ca095e0 r15 0 rip 0xffffffff8304aa25 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003ca09420 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb> show proc PROC (syz-executor) tid=262778 pid=33966 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7bcd10,0xffff80002a7bc7f0 process=0xffff8000ffff8918 user=0xffff80003ca04000, vmspace=0xfffffd800a249e78 estcpu=34, cpticks=18, pctcpu=0.18, user=18, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89695 348375 531 0 2 0 syz-executor 89695 256257 531 0 2 0x4000000 syz-executor 96230 9287 78689 0 2 0 syz-executor 96230 143773 78689 0 3 0x4000080 fsleep syz-executor 76322 265555 69459 0 2 0 syz-executor 76322 119968 69459 0 3 0x4000080 fsleep syz-executor 76322 48648 69459 0 2 0x4000000 syz-executor 25444 251465 52915 0 2 0 syz-executor 25444 446208 52915 0 3 0x4000080 kqread syz-executor 25444 160656 52915 0 2 0x4000000 syz-executor 85571 445911 16271 0 2 0 syz-executor 85571 316190 16271 0 2 0x4000000 syz-executor 93638 426389 15508 0 2 0 syz-executor 93638 83818 15508 0 3 0x4000080 fsleep syz-executor 33966 345887 27381 0 2 0 syz-executor *33966 262778 27381 0 7 0x4000000 syz-executor 33966 215819 27381 0 3 0x4000080 fsleep syz-executor 33966 176889 27381 0 3 0x4000080 fsleep syz-executor 14334 113421 66166 0 2 0x2 syz-executor 16271 214627 66166 0 3 0x82 nanoslp syz-executor 52799 105890 0 0 3 0x14280 nfsidl nfsio 31642 348717 0 0 3 0x14280 nfsidl nfsio 20734 338126 0 0 3 0x14280 nfsidl nfsio 40708 491785 0 0 3 0x14280 nfsidl nfsio 42393 83239 0 0 3 0x14280 nfsidl nfsio 24129 19541 0 0 3 0x14280 nfsidl nfsio 14333 448688 0 0 3 0x14280 nfsidl nfsio 84594 518455 0 0 3 0x14280 nfsidl nfsio 66371 40423 0 0 3 0x14280 nfsidl nfsio 25754 110842 0 0 3 0x14280 nfsidl nfsio 49138 411533 0 0 3 0x14280 nfsidl nfsio 92406 83145 0 0 3 0x14280 nfsidl nfsio 42973 301317 0 0 3 0x14280 nfsidl nfsio 33626 201897 0 0 3 0x14280 nfsidl nfsio 9991 286148 0 0 3 0x14280 nfsidl nfsio 41163 88817 0 0 3 0x14280 nfsidl nfsio 32563 283009 0 0 3 0x14280 nfsidl nfsio 78909 127512 0 0 3 0x14280 nfsidl nfsio 67760 441925 0 0 3 0x14280 nfsidl nfsio 26677 479209 0 0 3 0x14280 nfsidl nfsio 78689 499204 66166 0 3 0x82 nanoslp syz-executor 531 418605 66166 0 3 0x82 nanoslp syz-executor 27381 339914 66166 0 3 0x82 nanoslp syz-executor 69459 213182 66166 0 3 0x82 nanoslp syz-executor 15508 21210 66166 0 3 0x82 nanoslp syz-executor 52915 458083 66166 0 3 0x82 nanoslp syz-executor 66166 189770 49316 0 3 0x82 kqread syz-executor 49316 430865 69524 0 3 0x10008a sigsusp ksh 69524 511637 9229 0 3 0x98 kqread sshd-session 9229 79724 71040 0 3 0x92 kqread sshd-session 31290 366806 1 0 3 0x100083 ttyin getty 71040 248028 1 0 3 0x88 kqread sshd 81627 216624 79857 73 3 0x1100090 kqread syslogd 79857 75557 1 0 3 0x100082 sbwait syslogd 81189 501705 1 0 3 0x100080 kqread resolvd 98609 246824 64113 77 3 0x100092 kqread dhcpleased 89054 127723 64113 77 3 0x100092 kqread dhcpleased 64113 504815 1 0 3 0x80 kqread dhcpleased 10160 4175 0 0 3 0x14200 bored smr 84519 62288 0 0 2 0x14200 zerothread 51031 262559 0 0 3 0x14200 aiodoned aiodoned 6258 487363 0 0 3 0x14200 syncer update 55033 39781 0 0 3 0x14200 cleaner cleaner 87893 437653 0 0 3 0x14200 reaper reaper 40216 235335 0 0 3 0x14200 pgdaemon pagedaemon 68235 342623 0 0 3 0x14200 bored viomb 13705 380556 0 0 3 0x40014200 acpi0 acpi0 5225 27259 0 0 3 0x14200 bored softnet0 72620 153018 0 0 3 0x14200 bored systqmp 40762 261473 0 0 3 0x14200 bored systq 96253 219365 0 0 3 0x40014200 tmoslp softclock 47056 283014 0 0 3 0x40014200 idle0 1 458673 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10227 11224K 12260K 166960K 14302 0 pcb 19 18K 21K 166960K 437 0 rtable 188 8K 9K 166960K 770 0 pf 32 13K 17K 166960K 175 0 ifaddr 35 5K 7K 166960K 98 0 ifgroup 54 2K 2K 166960K 153 0 sysctl 4 1K 9K 166960K 54 0 counters 34 17K 18K 166960K 83 0 ioctlops 0 0K 4K 166960K 422 0 iov 0 0K 32K 166960K 116 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1490 94K 94K 166960K 2904 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 218 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1389 0 sigio 0 0K 0K 166960K 26 0 proc 60 59K 124K 166960K 651 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 309 0 in_multi 69 4K 7K 166960K 173 0 ether_multi 1 0K 0K 166960K 20 0 mrt 2 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 754 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 238 160K 177K 166960K 14553 0 UVM aobj 31 12K 12K 166960K 34 0 pinsyscall 39 78K 96K 166960K 2499 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 111 0 NDP 12 0K 2K 166960K 66 0 temp 78 8672K 8752K 166960K 75915 0 kqueue 14 22K 28K 166960K 235 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 256 0 252 4 2 2 3 0 8 1 rtentry 136 232 0 159 4 0 4 4 0 8 0 unpcb 144 913 0 895 7 1 6 6 0 8 5 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 4 0 4 2 1 1 1 0 8 1 tcpcb 736 531 0 523 8 1 7 7 0 8 6 arp 96 27 0 12 1 0 1 1 0 8 0 ipq 40 4 0 3 1 0 1 1 0 8 0 ipqe 40 9 0 8 1 0 1 1 0 8 0 inpcb 328 1564 0 1514 19 10 9 12 0 8 4 ip6q 72 6 0 6 1 0 1 1 0 8 1 ip6af 40 7 0 7 1 0 1 1 0 8 1 nd6 112 36 0 20 1 0 1 1 0 8 0 pkpcb 40 12 0 12 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 38 0 38 3 2 1 1 0 8 1 pppxif 1384 5 0 5 2 1 1 1 0 8 1 pfrktable 1344 1 0 1 1 0 1 1 0 8 1 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 718 0 397 31 3 28 30 0 8 6 art_table 40 721 0 397 5 0 5 5 0 8 0 art_node 32 230 0 164 2 0 2 2 0 8 1 sysvmsgpl 40 9 0 6 2 1 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 215 0 206 1 0 1 1 0 8 0 shmpl 112 25 0 2 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 3896 0 2401 95 0 95 95 0 8 0 ffsino 256 3896 0 2401 95 0 95 95 0 8 0 nchpl 144 5875 0 4174 64 0 64 64 0 8 0 rtmask 32 6 0 6 2 1 1 1 0 8 1 vnodes 216 5009 0 0 279 0 279 279 0 8 0 namei 1024 20708 0 20707 5 3 2 2 0 8 1 vcpupl 3904 6 0 1 1 0 1 1 0 8 0 vmpool 800 6 0 1 1 0 1 1 0 8 0 kstatmem 264 92 0 68 3 0 3 3 0 8 1 scsiplug 72 7 0 7 2 1 1 1 0 8 1 scxspl 216 18825 0 18825 16 8 8 8 1 8 8 plimitpl 152 379 0 362 1 0 1 1 0 8 0 sigapl 424 1675 0 1612 8 0 8 8 0 8 0 knotepl 120 328601 0 328550 45 35 10 23 0 8 8 kqueuepl 184 515 0 504 4 0 4 4 0 8 3 pipepl 304 235 0 208 3 0 3 3 0 8 0 fdescpl 448 1640 0 1610 5 1 4 5 0 8 0 filepl 120 11317 0 11060 21 9 12 17 0 8 3 lockfpl 104 634 0 632 2 0 2 2 0 8 1 lockfspl 48 254 0 252 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 49 0 33 1 0 1 1 0 8 0 ucredpl 104 1726 0 1715 1 0 1 1 0 8 0 zombiepl 144 2421 0 2421 2 1 1 1 0 8 1 processpl 1152 1675 0 1612 5 0 5 5 0 8 0 procpl 664 3920 0 3846 8 0 8 8 0 8 1 sosppl 176 4 0 4 1 0 1 1 0 8 1 sockpl 552 2785 0 2713 21 10 11 12 0 8 5 mcl64k 65536 152 0 152 5 2 3 3 0 8 3 mcl16k 16384 5 0 5 1 0 1 1 0 8 1 mcl12k 12288 6 0 6 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 55 0 55 2 1 1 1 0 8 1 mcl4k 4096 4304 0 4253 13 5 8 13 0 8 1 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 2067 0 2065 3 1 2 2 0 8 0 mtagpl 96 54 0 24 2 0 2 2 0 8 0 mbufpl 256 19565 0 19373 16 1 15 15 0 8 0 bufpl 280 6060 0 124 424 0 424 424 0 8 0 anonpl 24 255457 0 247207 88 13 75 75 0 187 0 amapchunkpl 152 49592 0 49026 45 12 33 37 0 158 8 amappl16 200 4878 0 4617 39 12 27 27 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 130 0 129 2 1 1 1 0 8 0 amappl13 176 516 0 515 1 0 1 1 0 8 0 amappl12 168 1997 0 1959 2 0 2 2 0 8 0 amappl11 160 4 0 4 1 1 0 1 0 8 0 amappl10 152 41 0 31 1 0 1 1 0 8 0 amappl9 144 242 0 242 1 1 0 1 0 8 0 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 95 0 94 1 0 1 1 0 8 0 amappl6 120 290 0 277 1 0 1 1 0 8 0 amappl5 112 78 0 70 1 0 1 1 0 8 0 amappl4 104 398 0 374 1 0 1 1 0 8 0 amappl3 96 9843 0 9737 4 0 4 4 0 8 1 amappl2 88 554 0 497 2 0 2 2 0 8 0 amappl1 80 14577 0 14038 14 1 13 13 0 8 1 amappl 88 13594 0 13426 6 1 5 5 0 92 0 uvmvnodes 80 130 0 0 3 0 3 3 0 8 0 dma4096 4096 2 0 2 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 33 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1640 0 1610 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1640 0 1610 1 0 1 1 0 8 0 vmmpekpl 168 14418 0 14375 3 0 3 3 0 8 0 vmmpepl 168 110116 0 108063 109 7 102 102 0 357 6 vmsppl 368 1639 0 1610 4 1 3 4 0 8 0 rwobjpl 40 30456 0 29210 17 1 16 16 0 8 0 pdppl 4096 3299 0 3227 128 55 73 83 0 8 1 pvpl 32 715167 0 701533 178 25 153 155 0 265 8 pmappl 216 1645 0 1611 3 1 2 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 423 0 77 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff80002a883cc0,ffff80003ca095e0,ffff80003ca09530) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003ca095e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca095e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x828595f93b0, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff80002a883cc0,ffff80003ca095e0,ffff80003ca09530) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff80003ca095e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca095e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x828595f93b0, count: -3