kernel: protection fault trap, code=0 Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff80002a7bd4d8,ffff800039d0f090,ffff800039d0efe0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff800039d0f090) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039d0f090) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeecfa8dbb20, count: -3 ddb> show registers rdi 0 rsi 0 rbp 0xffff800039d0efc0 rbx 0xdeafbeaddeafbead rdx 0 rcx 0 rax 0xdeafbeaddeafbead r8 0x7f7fffffc000 r9 0 r10 0x1bc78af5d47807b8 r11 0x22979a0d3da4528e r12 0 r13 0xfffffd806ca99d90 r14 0xffff800039d0f090 r15 0 rip 0xffffffff81cbb5a5 sys_semop+0x3d5 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800039d0eed0 ss 0x10 sys_semop+0x3d5: movzwl 0(%rax),%r15d ddb> show proc PROC (syz-executor) tid=138754 pid=81623 tcnt=3 stat=onproc flags process=1000 proc=4080000 runpri=81, usrpri=80, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c93b778 scnt=2 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7bc2b0,0xffff80002a7bca88 process=0xffff8000ffffba98 user=0xffff800039d0a000, vmspace=0xfffffd806c9df5d8 estcpu=30, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 98197 482203 996 0 2 0 syz-executor 98197 387328 996 0 3 0x4000080 fsleep syz-executor 45083 426317 18405 0 2 0 syz-executor 45083 411914 18405 0 3 0x4000080 fsleep syz-executor 75159 320151 92274 0 2 0 syz-executor 75159 318997 92274 0 2 0x4000000 syz-executor 75159 515227 92274 0 3 0x4000080 fsleep syz-executor 81623 325825 99318 0 2 0x81000 syz-executor *81623 138754 99318 0 7 0x4081000 syz-executor 81623 126685 99318 0 3 0x4003000 suspend syz-executor 1543 41088 65397 0 3 0x3000 suspend syz-executor 1543 243047 65397 0 2 0x4081000 syz-executor 996 198979 39251 0 3 0x82 nanoslp syz-executor 46089 64814 0 0 3 0x14280 nfsidl nfsio 22272 262290 0 0 3 0x14280 nfsidl nfsio 6295 89360 0 0 3 0x14280 nfsidl nfsio 23972 270548 0 0 3 0x14280 nfsidl nfsio 81785 223906 0 0 3 0x14280 nfsidl nfsio 33523 280310 0 0 3 0x14280 nfsidl nfsio 54442 370673 0 0 3 0x14280 nfsidl nfsio 21215 395934 0 0 3 0x14280 nfsidl nfsio 86095 383471 0 0 3 0x14280 nfsidl nfsio 97023 247310 0 0 3 0x14280 nfsidl nfsio 71287 464735 0 0 3 0x14280 nfsidl nfsio 38429 329032 0 0 3 0x14280 nfsidl nfsio 74966 518716 0 0 3 0x14280 nfsidl nfsio 76210 418090 0 0 3 0x14280 nfsidl nfsio 59600 447170 0 0 3 0x14280 nfsidl nfsio 6577 32595 0 0 3 0x14280 nfsidl nfsio 61067 381575 0 0 3 0x14280 nfsidl nfsio 59087 519343 0 0 3 0x14280 nfsidl nfsio 56252 264296 0 0 3 0x14280 nfsidl nfsio 11279 355005 0 0 3 0x14280 nfsidl nfsio 92274 80988 39251 0 3 0x82 nanoslp syz-executor 88100 226760 39251 0 2 0x2 syz-executor 18405 243870 39251 0 3 0x82 nanoslp syz-executor 65397 385008 39251 0 3 0x82 wait syz-executor 27916 65115 39251 0 2 0x2 syz-executor 81894 387835 39251 0 2 0x2 syz-executor 99318 438853 39251 0 3 0x82 wait syz-executor 39251 97346 40545 0 3 0x82 kqread syz-executor 40545 134939 73600 0 3 0x10008a sigsusp ksh 73600 69400 7209 0 3 0x98 kqread sshd-session 7209 488439 26742 0 3 0x92 kqread sshd-session 79245 218428 1 0 3 0x100083 ttyopn getty 26742 383281 1 0 3 0x88 kqread sshd 15078 398060 7372 73 3 0x1100090 kqread syslogd 7372 200101 1 0 3 0x100082 sbwait syslogd 94396 215316 1 0 3 0x100080 kqread resolvd 82432 499303 6624 77 3 0x100092 kqread dhcpleased 29789 442848 6624 77 3 0x100092 kqread dhcpleased 6624 314637 1 0 3 0x80 kqread dhcpleased 69160 36509 0 0 3 0x14200 bored smr 66627 171088 0 0 2 0x14200 zerothread 32849 22640 0 0 3 0x14200 aiodoned aiodoned 94602 137683 0 0 3 0x14200 syncer update 55554 196550 0 0 3 0x14200 cleaner cleaner 25949 501531 0 0 3 0x14200 reaper reaper 42135 229232 0 0 3 0x14200 pgdaemon pagedaemon 4397 490104 0 0 3 0x14200 bored viomb 42301 487857 0 0 3 0x40014200 acpi0 acpi0 88369 392376 0 0 3 0x14200 bored softnet0 23275 124026 0 0 3 0x14200 bored systqmp 15948 446789 0 0 3 0x14200 bored systq 31899 236835 0 0 3 0x40014200 tmoslp softclock 95441 324387 0 0 3 0x40014200 idle0 1 70294 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10219 11068K 11367K 166960K 13180 0 pcb 18 16K 18K 166960K 333 0 rtable 222 9K 9K 166960K 576 0 pf 37 14K 16K 166960K 160 0 ifaddr 39 7K 8K 166960K 124 0 ifgroup 58 2K 2K 166960K 213 0 sysctl 4 1K 9K 166960K 15 0 counters 34 18K 18K 166960K 141 0 ioctlops 0 0K 4K 166960K 497 0 iov 0 0K 24K 166960K 176 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1449 91K 93K 166960K 2631 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 6K 166960K 13 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 256 0 dirhash 9 1K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 240K 166960K 1438 0 sigio 0 0K 0K 166960K 218 0 proc 60 59K 108K 166960K 611 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 156 0 in_multi 74 5K 7K 166960K 196 0 ether_multi 1 0K 0K 166960K 17 0 mrt 1 0K 0K 166960K 13 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 612 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 218 154K 169K 166960K 15115 0 UVM aobj 48 16K 18K 166960K 51 0 pinsyscall 36 72K 94K 166960K 2527 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 75 0 NDP 13 0K 2K 166960K 83 0 temp 75 8656K 8732K 166960K 47381 0 kqueue 13 20K 32K 166960K 296 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 201 0 198 2 1 1 2 0 8 0 rtentry 136 165 0 80 4 0 4 4 0 8 0 unpcb 144 1209 0 1194 7 1 6 6 0 8 5 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 3 0 3 1 0 1 1 0 8 1 tcpcb 736 536 0 532 7 0 7 7 0 8 6 arp 96 25 0 8 1 0 1 1 0 8 0 ipq 40 10 0 10 1 0 1 1 0 8 1 ipqe 40 80 0 80 1 0 1 1 0 8 1 inpcb 328 1537 0 1529 12 5 7 7 0 8 6 ip6q 72 8 0 7 2 1 1 1 0 8 0 ip6af 40 12 0 12 2 1 1 1 0 8 1 nd6 112 33 0 14 1 0 1 1 0 8 0 pkpcb 40 12 0 12 2 1 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1072 88 0 88 2 1 1 1 0 8 1 pppxif 1384 11 0 11 2 1 1 1 0 8 1 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 5 0 3 1 0 1 1 0 8 0 pfstate 384 3 0 2 1 0 1 1 0 8 0 pfrule 1344 4 0 3 1 0 1 1 0 8 0 rttmr 136 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 817 0 476 32 5 27 32 0 8 5 art_table 40 820 0 476 6 1 5 6 0 8 0 art_node 32 165 0 91 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 2 1 1 1 0 8 1 semapl 112 253 0 244 1 0 1 1 0 8 0 shmpl 112 39 0 1 2 0 2 2 0 8 0 dirhash 1024 21 0 14 3 0 3 3 0 8 1 dino2pl 256 3980 0 2492 95 0 95 95 0 8 0 ffsino 256 3980 0 2492 95 0 95 95 0 8 0 nchpl 144 6025 0 4337 64 0 64 64 0 8 0 rtmask 32 7 0 7 1 0 1 1 0 8 1 vnodes 216 4846 0 0 270 0 270 270 0 8 0 namei 1024 21765 0 21763 2 0 2 2 0 8 1 vcpupl 3904 8 0 1 1 0 1 1 0 8 0 vmpool 800 9 0 2 1 0 1 1 0 8 0 kstatmem 264 128 0 102 3 0 3 3 0 8 0 scsiplug 72 5 0 5 2 1 1 1 0 8 1 scxspl 216 18299 0 18299 10 2 8 8 1 8 8 plimitpl 152 426 0 410 1 0 1 1 0 8 0 sigapl 424 1729 0 1669 8 0 8 8 0 8 0 knotepl 120 53965 0 53918 26 16 10 17 0 8 7 kqueuepl 184 481 0 472 2 1 1 2 0 8 0 pipepl 304 306 0 279 7 2 5 5 0 8 2 fdescpl 448 1692 0 1665 5 1 4 5 0 8 0 filepl 120 11539 0 11332 15 2 13 13 0 8 5 lockfpl 104 849 0 847 2 0 2 2 0 8 1 lockfspl 48 203 0 201 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 82 0 66 1 0 1 1 0 8 0 ucredpl 104 1652 0 1640 1 0 1 1 0 8 0 zombiepl 144 2513 0 2511 1 0 1 1 0 8 0 processpl 1152 1729 0 1669 5 0 5 5 0 8 0 procpl 664 4034 0 3967 8 0 8 8 0 8 1 sosppl 176 11 0 11 2 1 1 1 0 8 1 sockpl 552 3075 0 3049 25 15 10 15 0 8 8 mcl64k 65536 156 0 156 2 1 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 25 0 25 2 1 1 1 0 8 1 mcl4k 4096 4290 0 4237 13 5 8 13 0 8 1 mcl2k2 2112 2 0 2 2 1 1 1 0 8 1 mcl2k 2048 2095 0 2095 5 2 3 3 0 8 3 mtagpl 96 36 0 21 1 0 1 1 0 8 0 mbufpl 256 19257 0 18868 34 2 32 32 0 8 4 bufpl 280 6531 0 310 445 0 445 445 0 8 0 anonpl 24 245333 0 242308 79 22 57 57 0 187 25 amapchunkpl 152 51206 0 50766 39 5 34 34 0 158 15 amappl16 200 3620 0 3587 37 26 11 15 0 8 8 amappl15 192 18 0 18 1 1 0 1 0 8 0 amappl14 184 3 0 3 2 1 1 1 0 8 1 amappl13 176 424 0 423 1 0 1 1 0 8 0 amappl12 168 2042 0 2006 2 0 2 2 0 8 0 amappl11 160 4 0 4 1 1 0 1 0 8 0 amappl10 152 43 0 33 1 0 1 1 0 8 0 amappl9 144 255 0 255 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 81 0 80 1 0 1 1 0 8 0 amappl6 120 289 0 277 1 0 1 1 0 8 0 amappl5 112 86 0 78 1 0 1 1 0 8 0 amappl4 104 394 0 367 1 0 1 1 0 8 0 amappl3 96 8878 0 8796 3 0 3 3 0 8 0 amappl2 88 1841 0 1772 2 0 2 2 0 8 0 amappl1 80 14953 0 14423 13 0 13 13 0 8 0 amappl 88 14160 0 14011 5 0 5 5 0 92 1 uvmvnodes 80 134 0 0 3 0 3 3 0 8 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 50 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1692 0 1665 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1692 0 1665 1 0 1 1 0 8 0 vmmpekpl 168 15342 0 15307 2 0 2 2 0 8 0 vmmpepl 168 111071 0 109380 100 9 91 91 0 357 10 vmsppl 368 1691 0 1665 4 1 3 4 0 8 0 rwobjpl 40 29626 0 28610 14 1 13 13 0 8 0 pdppl 4096 3408 0 3341 120 47 73 82 0 8 6 pvpl 32 710152 0 702223 182 43 139 139 0 265 52 pmappl 216 1700 0 1667 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 429 0 69 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff80002a7bd4d8,ffff800039d0f090,ffff800039d0efe0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff800039d0f090) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039d0f090) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeecfa8dbb20, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff80002a7bd4d8,ffff800039d0f090,ffff800039d0efe0) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617 syscall(ffff800039d0f090) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039d0f090) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeecfa8dbb20, count: -3