kernel: protection fault trap, code=0 Stopped at sys_semop+0x3ae: movzwl 0x8(%rax,%rcx,4),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff800038536f98,ffff80002a85f5d0,ffff80002a85f520) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80002a85f5d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x67b3b1011d0, count: -3 ddb> show registers rdi 0 rsi 0x6161 __ALIGN_SIZE+0x5161 rbp 0xffff80002a85f4f0 rbx 0 rdx 0 rcx 0x12423 __ALIGN_SIZE+0x11423 rax 0xdeafbeaddeafbead r8 0x7f7fffffc000 r9 0 r10 0x384cebf9a4524314 r11 0x8bcde0c5ec50d03b r12 0xffff800001485204 r13 0x6161 __ALIGN_SIZE+0x5161 r14 0xffff80002a85f5d0 r15 0x6161 __ALIGN_SIZE+0x5161 rip 0xffffffff8226f89e sys_semop+0x3ae cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a85f3d0 ss 0x10 sys_semop+0x3ae: movzwl 0x8(%rax,%rcx,4),%r15d ddb> show proc PROC (syz-executor) tid=98281 pid=5923 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=81, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800038536d08,0xffff800038537c78 process=0xffff8000ffff48c8 user=0xffff80002a85a000, vmspace=0xfffffd806c0a99e8 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69360 144102 38067 0 2 0 syz-executor 69360 82276 38067 0 3 0x4000080 fsleep syz-executor 67706 70325 78666 0 2 0 syz-executor 20510 460797 41987 0 2 0 syz-executor 20510 23596 41987 0 3 0x4000080 ttyin syz-executor 5923 36854 26070 0 2 0 syz-executor * 5923 98281 26070 0 7 0x4000000 syz-executor 5923 208505 26070 0 3 0x4000080 fsleep syz-executor 5923 343609 26070 0 3 0x4000080 fsleep syz-executor 17389 33165 69123 0 3 0 futex syz-executor 17389 330067 69123 0 3 0x4000000 futex syz-executor 17389 345081 69123 0 3 0x4000000 futex syz-executor 17389 289227 69123 0 2 0x4000000 syz-executor 63932 225840 82696 0 2 0 syz-executor 63932 137695 82696 0 3 0x4000000 futex syz-executor 63932 132253 82696 0 2 0x4000000 syz-executor 63932 270362 82696 0 3 0x4000080 fsleep syz-executor 83439 231531 5544 0 3 0 futex syz-executor 83439 496382 5544 0 3 0x4000080 sbwait syz-executor 83439 203258 5544 0 2 0x4000000 syz-executor 83439 80963 5544 0 3 0x4000080 fsleep syz-executor 83439 364774 5544 0 3 0x4000000 futex syz-executor 69123 506104 22359 0 3 0x82 nanoslp syz-executor 78666 423566 22359 0 3 0x82 nanoslp syz-executor 3519 338198 0 0 3 0x14280 nfsidl nfsio 97559 181740 0 0 3 0x14280 nfsidl nfsio 99860 434993 0 0 3 0x14280 nfsidl nfsio 46955 326181 0 0 3 0x14280 nfsidl nfsio 46737 47475 0 0 3 0x14280 nfsidl nfsio 99378 411136 0 0 3 0x14280 nfsidl nfsio 21501 446042 0 0 3 0x14280 nfsidl nfsio 9816 318941 0 0 3 0x14280 nfsidl nfsio 51424 505804 0 0 3 0x14280 nfsidl nfsio 82271 288041 0 0 3 0x14280 nfsidl nfsio 76536 393842 0 0 3 0x14280 nfsidl nfsio 25072 408426 0 0 3 0x14280 nfsidl nfsio 70323 74512 0 0 3 0x14280 nfsidl nfsio 91516 232077 0 0 3 0x14280 nfsidl nfsio 9757 479046 0 0 3 0x14280 nfsidl nfsio 14879 229492 0 0 3 0x14280 nfsidl nfsio 96893 50316 0 0 3 0x14280 nfsidl nfsio 74838 177640 0 0 3 0x14280 nfsidl nfsio 84458 14030 0 0 3 0x14280 nfsidl nfsio 25221 131798 0 0 3 0x14280 nfsidl nfsio 63428 488641 0 0 3 0x14200 bored sosplice 41987 389778 22359 0 3 0x82 nanoslp syz-executor 82696 451379 22359 0 3 0x82 nanoslp syz-executor 26070 255811 22359 0 3 0x82 nanoslp syz-executor 77280 11431 22359 0 2 0x2 syz-executor 38067 217851 22359 0 3 0x82 nanoslp syz-executor 5544 33146 22359 0 3 0x82 nanoslp syz-executor 22359 71445 26247 0 3 0x82 kqread syz-executor 26247 424292 99126 0 3 0x10008a sigsusp ksh 99126 8672 23109 0 3 0x98 kqread sshd-session 23109 506875 10473 0 3 0x92 kqread sshd-session 65558 167369 1 0 3 0x100083 ttyin getty 10473 436875 1 0 3 0x88 kqread sshd 24526 364879 14782 73 3 0x1100090 kqread syslogd 14782 385711 1 0 3 0x100082 sbwait syslogd 41683 2390 1 0 3 0x100080 kqread resolvd 51487 161312 50637 77 3 0x100092 kqread dhcpleased 44423 406074 50637 77 3 0x100092 kqread dhcpleased 50637 121224 1 0 3 0x80 kqread dhcpleased 46840 370202 0 0 3 0x14200 bored smr 90589 235251 0 0 2 0x14200 zerothread 28869 132395 0 0 3 0x14200 aiodoned aiodoned 80319 214177 0 0 3 0x14200 syncer update 76443 229591 0 0 3 0x14200 cleaner cleaner 2407 460855 0 0 3 0x14200 reaper reaper 61614 132277 0 0 3 0x14200 pgdaemon pagedaemon 85936 78154 0 0 3 0x14200 bored viomb 8750 365437 0 0 3 0x40014200 acpi0 acpi0 33142 59861 0 0 3 0x14200 bored softnet3 89961 288472 0 0 3 0x14200 bored softnet2 36254 102179 0 0 3 0x14200 bored softnet1 26908 189100 0 0 3 0x14200 bored softnet0 9232 163249 0 0 3 0x14200 bored systqmp 22546 524165 0 0 3 0x14200 bored systq 66555 236697 0 0 3 0x40014200 tmoslp softclock 51989 383084 0 0 3 0x40014200 idle0 1 200654 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 11126K 11640K 166960K 13070 0 pcb 17 14K 14K 166960K 218 0 rtable 196 8K 9K 166960K 535 0 pf 28 12K 15K 166960K 111 0 ifaddr 37 6K 8K 166960K 95 0 ifgroup 46 2K 2K 166960K 146 0 sysctl 4 1K 1K 166960K 4 0 counters 29 17K 17K 166960K 78 0 ioctlops 0 0K 4K 166960K 302 0 iov 0 0K 17K 166960K 91 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1402 88K 88K 166960K 2128 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 6K 166960K 24 0 VM map 2 1K 1K 166960K 2 0 sem 12 36K 36K 166960K 43 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 228K 166960K 1131 0 sigio 0 0K 0K 166960K 15 0 proc 60 59K 124K 166960K 672 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 121 0 in_multi 84 6K 7K 166960K 151 0 ether_multi 1 0K 0K 166960K 5 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 217 970K 970K 166960K 217 0 exec 0 0K 1K 166960K 734 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 224 72K 91K 166960K 11861 0 UVM aobj 125 3K 3K 166960K 126 0 pinsyscall 38 76K 96K 166960K 2192 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 65 0 NDP 10 0K 2K 166960K 62 0 temp 60 8680K 8799K 166960K 24239 0 kqueue 13 20K 34K 166960K 222 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 122 0 119 1 0 1 1 0 8 0 rtentry 128 168 0 84 4 0 4 4 0 8 0 unpcb 144 1180 0 1162 3 1 2 2 0 8 1 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpcb 808 234 0 230 5 3 2 4 0 8 1 arp 88 25 0 9 1 0 1 1 0 8 0 ipq 40 3 0 2 1 0 1 1 0 8 0 ipqe 40 3 0 2 1 0 1 1 0 8 0 inpcb 344 1122 0 1115 11 3 8 8 0 8 7 nd6 104 42 0 21 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1072 35 0 35 2 1 1 1 0 8 1 pppxif 1384 9 0 9 2 1 1 1 0 8 1 pfrule 1344 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 677 0 291 30 0 30 30 0 8 5 art_table 32 678 0 291 4 0 4 4 0 8 0 art_node 16 164 0 88 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 3 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 36 0 27 1 0 1 1 0 8 0 shmpl 112 123 0 1 4 0 4 4 0 8 0 dirhash 1024 36 0 19 3 0 3 3 0 8 0 dino2pl 256 3377 0 1879 95 0 95 95 0 8 0 ffsino 248 3377 0 1879 95 0 95 95 0 8 0 nchpl 144 4956 0 3273 63 0 63 63 0 8 0 rtmask 32 5 0 5 1 1 0 1 0 8 0 uvmvnodes 80 3949 0 0 81 0 81 81 0 8 0 vnodes 216 3949 0 0 220 0 220 220 0 8 0 namei 1024 18460 0 18460 2 1 1 1 0 8 1 kstatmem 264 84 0 64 2 0 2 2 0 8 0 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 14932 0 14932 9 7 2 8 1 8 2 plimitpl 152 397 0 380 1 0 1 1 0 8 0 sigapl 424 1413 0 1347 8 0 8 8 0 8 0 futexpl 64 15872 0 15866 1 0 1 1 0 8 0 knotepl 120 47347 0 47300 18 8 10 11 0 8 7 kqueuepl 184 455 0 445 4 3 1 4 0 8 0 pipepl 296 248 0 221 8 5 3 8 0 8 0 fdescpl 440 1375 0 1346 5 1 4 5 0 8 0 filepl 120 9317 0 9103 16 5 11 13 0 8 3 lockfpl 104 485 0 482 1 0 1 1 0 8 0 lockfspl 48 152 0 149 1 0 1 1 0 8 0 sessionpl 144 23 0 15 1 0 1 1 0 8 0 pgrppl 48 46 0 30 1 0 1 1 0 8 0 ucredpl 104 1324 0 1312 1 0 1 1 0 8 0 zombiepl 144 1728 0 1728 2 1 1 1 0 8 1 processpl 1112 1413 0 1347 5 0 5 5 0 8 0 procpl 656 3012 0 2931 8 0 8 8 0 8 0 sosppl 168 8 0 8 2 1 1 1 0 8 1 sockpl 528 2441 0 2413 9 2 7 7 0 8 4 mcl64k 65536 26 0 26 2 1 1 1 0 8 1 mcl16k 16384 5 0 5 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 4 0 4 2 1 1 1 0 8 1 mcl8k 8192 26 0 26 2 1 1 1 0 8 1 mcl4k 4096 3762 0 3710 14 6 8 13 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 1213 0 1205 6 3 3 4 0 8 1 mtagpl 96 92 0 44 2 0 2 2 0 8 0 mbufpl 256 22529 0 22322 21 2 19 19 0 8 2 bufpl 280 5034 0 130 351 0 351 351 0 8 0 anonpl 24 205166 0 201741 47 0 47 47 0 187 16 amapchunkpl 152 39775 0 39254 44 11 33 33 0 158 10 amappl16 200 4046 0 4011 25 14 11 15 0 8 8 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 109 0 99 1 0 1 1 0 8 0 amappl13 176 8 0 7 1 0 1 1 0 8 0 amappl12 168 2011 0 1983 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 98 0 88 1 0 1 1 0 8 0 amappl6 120 194 0 190 1 0 1 1 0 8 0 amappl5 112 120 0 113 1 0 1 1 0 8 0 amappl4 104 287 0 270 1 0 1 1 0 8 0 amappl3 96 7800 0 7685 5 1 4 4 0 8 0 amappl2 88 642 0 586 2 0 2 2 0 8 0 amappl1 80 10518 0 10006 14 2 12 13 0 8 1 amappl 88 11440 0 11264 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 125 0 1 3 0 3 3 0 8 0 uaddrrnd 24 1375 0 1346 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1375 0 1346 1 0 1 1 0 8 0 vmmpekpl 168 11974 0 11926 3 0 3 3 0 8 0 vmmpepl 168 87366 0 85610 91 0 91 91 0 357 12 vmsppl 360 1374 0 1346 4 1 3 4 0 8 0 rwobjpl 32 28717 0 23770 40 0 40 40 0 8 0 pdppl 4096 2756 0 2692 106 40 66 82 0 8 2 pvpl 32 604313 0 594506 129 0 129 129 0 265 38 pmappl 216 1374 0 1346 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 296 0 62 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff800038536f98,ffff80002a85f5d0,ffff80002a85f520) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80002a85f5d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x67b3b1011d0, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff800038536f98,ffff80002a85f5d0,ffff80002a85f520) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80002a85f5d0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x67b3b1011d0, count: -3