kernel: protection fault trap, code=0
Stopped at sys_semop+0x3d5: movzwl 0(%rax),%r15d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
sys_semop(ffff80002a7cc548,ffff80003cc21140,ffff80003cc21090) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617
syscall(ffff80003cc21140) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003cc21140) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb0222e3f0, count: -3
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80003cc21070
rbx 0xdeaf4152deaf4152
rdx 0
rcx 0
rax 0xdeaf4152deaf4152
r8 0x7f7fffffc000
r9 0
r10 0xb0054de8b46e548
r11 0x9705a64d4b676b82
r12 0
r13 0xfffffd800d31b850
r14 0xffff80003cc21140
r15 0
rip 0xffffffff82b41255 sys_semop+0x3d5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003cc20f80
ss 0x10
sys_semop+0x3d5: movzwl 0(%rax),%r15d
ddb> show proc
PROC (syz-executor) tid=238433 pid=86466 tcnt=3 stat=onproc
flags process=0 proc=4000000
runpri=81, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c93f250,0xffff80003c9a2fd0
process=0xffff80002a8edb20 user=0xffff80003cc1c000, vmspace=0xfffffd806c2415d0
estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
87484 339131 15815 0 2 0 syz-executor
87484 35543 15815 0 2 0x4000000 syz-executor
31748 321568 27991 0 2 0 syz-executor
31748 366353 27991 0 2 0x4000000 syz-executor
2704 428319 9465 0 2 0 syz-executor
6749 337168 1226 60929 3 0x90 nanoslp syz-executor
6749 511972 1226 60929 3 0x4000090 kqread syz-executor
6749 485680 1226 60929 3 0x4000090 fsleep syz-executor
6749 487493 1226 60929 3 0x4000090 fsleep syz-executor
86466 129002 39482 0 2 0 syz-executor
*86466 238433 39482 0 7 0x4000000 syz-executor
86466 129638 39482 0 3 0x4000080 fsleep syz-executor
98603 496671 67437 0 3 0x80 nanoslp syz-executor
98603 426722 67437 0 3 0x4000080 fsleep syz-executor
98603 516691 67437 0 3 0x4000080 fsleep syz-executor
98603 105497 67437 0 3 0x4000080 fsleep syz-executor
30754 519042 0 0 3 0x14200 acct acct
39482 439951 62637 0 3 0x82 nanoslp syz-executor
24226 151977 0 0 3 0x14280 nfsidl nfsio
20565 85480 0 0 3 0x14280 nfsidl nfsio
52828 311288 0 0 3 0x14280 nfsidl nfsio
48092 392020 0 0 3 0x14280 nfsidl nfsio
16071 251747 0 0 3 0x14280 nfsidl nfsio
8232 386573 0 0 3 0x14280 nfsidl nfsio
98668 196042 0 0 3 0x14280 nfsidl nfsio
29822 180180 0 0 3 0x14280 nfsidl nfsio
67001 355876 0 0 3 0x14280 nfsidl nfsio
72016 378509 0 0 3 0x14280 nfsidl nfsio
82808 400083 0 0 3 0x14280 nfsidl nfsio
48629 14112 0 0 3 0x14280 nfsidl nfsio
11062 346721 0 0 3 0x14280 nfsidl nfsio
63719 97021 0 0 3 0x14280 nfsidl nfsio
28927 161947 0 0 3 0x14280 nfsidl nfsio
8527 191808 0 0 3 0x14280 nfsidl nfsio
31099 334581 0 0 3 0x14280 nfsidl nfsio
52043 220001 0 0 3 0x14280 nfsidl nfsio
69774 435826 0 0 3 0x14280 nfsidl nfsio
71706 398133 0 0 3 0x14280 nfsidl nfsio
94655 376439 0 0 3 0x14200 bored sosplice
58370 483068 62637 0 2 0x2 syz-executor
43948 397334 62637 0 3 0x82 wait syz-executor
1226 35985 62637 0 3 0x82 nanoslp syz-executor
9465 36324 62637 0 3 0x82 nanoslp syz-executor
67437 394979 62637 0 3 0x82 nanoslp syz-executor
15815 121420 62637 0 3 0x82 nanoslp syz-executor
27991 466649 62637 0 3 0x82 nanoslp syz-executor
62637 113403 31982 0 3 0x82 kqread syz-executor
31982 92938 95189 0 3 0x10008a sigsusp ksh
95189 366752 1178 0 3 0x98 kqread sshd-session
1178 184097 25385 0 3 0x92 kqread sshd-session
12017 203626 1 0 3 0x100083 ttyopn getty
25385 386499 1 0 3 0x88 kqread sshd
35171 163951 74358 73 3 0x1100090 kqread syslogd
74358 3027 1 0 3 0x100082 sbwait syslogd
47738 362386 1 0 3 0x100080 kqread resolvd
88910 241573 94961 77 3 0x100092 kqread dhcpleased
54800 149919 94961 77 3 0x100092 kqread dhcpleased
94961 20186 1 0 3 0x80 kqread dhcpleased
40805 131469 0 0 3 0x14200 bored smr
8330 302866 0 0 2 0x14200 zerothread
18735 38437 0 0 3 0x14200 aiodoned aiodoned
97783 106855 0 0 3 0x14200 syncer update
19737 129622 0 0 3 0x14200 cleaner cleaner
44455 483248 0 0 3 0x14200 reaper reaper
55281 185124 0 0 3 0x14200 pgdaemon pagedaemon
83476 341770 0 0 3 0x14200 bored viomb
95502 423729 0 0 3 0x40014200 acpi0 acpi0
55558 296163 0 0 3 0x14200 bored softnet0
37431 324591 0 0 3 0x14200 smrbar systqmp
60523 363332 0 0 3 0x14200 bored systq
65267 270792 0 0 3 0x40014200 tmoslp softclock
7718 370910 0 0 3 0x40014200 idle0
1 43202 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10179 11047K 11339K 166960K 13229 0
pcb 18 16K 18K 166960K 574 0
rtable 203 9K 10K 166960K 561 0
pf 28 12K 19K 166960K 117 0
ifaddr 35 6K 7K 166960K 97 0
ifgroup 46 2K 2K 166960K 132 0
sysctl 4 1K 9K 166960K 23 0
counters 31 17K 18K 166960K 212 0
ioctlops 0 0K 4K 166960K 699 0
iov 0 0K 28K 166960K 163 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1459 92K 92K 166960K 2576 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 24 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 114 0
dirhash 12 2K 2K 166960K 27 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 1277 0
sigio 0 0K 0K 166960K 28 0
proc 60 59K 100K 166960K 623 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 127 0
in_multi 77 5K 7K 166960K 170 0
ether_multi 1 0K 0K 166960K 14 0
mrt 2 0K 0K 166960K 18 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 97 440K 440K 166960K 97 0
exec 0 0K 1K 166960K 589 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 220 150K 170K 166960K 13054 0
UVM aobj 17 2K 2K 166960K 18 0
pinsyscall 38 76K 93K 166960K 2375 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 69 0
NDP 10 0K 2K 166960K 59 0
temp 76 8648K 8776K 166960K 48663 0
kqueue 13 20K 32K 166960K 276 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 120 0 117 1 0 1 1 0 8 0
rtentry 136 164 0 86 4 0 4 4 0 8 0
unpcb 144 1008 0 992 13 9 4 10 0 8 3
syncache 336 9 0 9 2 1 1 1 0 8 1
tcpqe 32 4 0 4 2 1 1 1 0 8 1
tcpcb 736 552 0 544 13 6 7 7 0 8 6
arp 96 23 0 9 1 0 1 1 0 8 0
ipq 40 2 0 1 1 0 1 1 0 8 0
ipqe 40 3 0 2 1 0 1 1 0 8 0
inpcb 328 1601 0 1588 12 5 7 7 0 8 5
ip6q 72 6 0 4 1 0 1 1 0 8 0
ip6af 40 14 0 11 2 1 1 1 0 8 0
nd6 112 36 0 17 1 0 1 1 0 8 0
pkpcb 40 12 0 12 2 1 1 1 0 8 1
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1072 172 0 172 2 1 1 1 0 8 1
pppxif 1384 6 0 6 2 1 1 1 0 8 1
pfrktable 1344 2 0 2 1 0 1 1 0 8 1
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pfrule 1344 2 0 2 1 1 0 1 0 8 0
rttmr 136 2 0 2 2 1 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 836 0 500 29 1 28 29 0 8 4
art_table 40 838 0 500 5 0 5 5 0 8 0
art_node 32 160 0 92 1 0 1 1 0 8 0
sysvmsgpl 40 14 0 8 1 0 1 1 0 8 0
semapl 112 110 0 101 1 0 1 1 0 8 0
shmpl 112 15 0 1 1 0 1 1 0 8 0
dirhash 1024 27 0 10 3 0 3 3 0 8 0
dino2pl 256 3859 0 2360 95 0 95 95 0 8 0
ffsino 256 3859 0 2360 95 0 95 95 0 8 0
nchpl 144 5648 0 3960 64 0 64 64 0 8 0
rtmask 32 9 0 9 2 1 1 1 0 8 1
vnodes 216 4556 0 0 254 0 254 254 0 8 0
namei 1024 19327 0 19326 2 1 1 2 0 8 0
kstatmem 264 82 0 62 2 0 2 2 0 8 0
acpiwqpl 32 2 0 2 1 0 1 1 1 8 1
scsiplug 72 7 0 7 2 1 1 1 0 8 1
scxspl 216 21098 0 21098 15 7 8 8 1 8 8
plimitpl 152 445 0 428 1 0 1 1 0 8 0
sigapl 424 1565 0 1501 8 0 8 8 0 8 0
knotepl 120 83213 0 83166 30 20 10 18 0 8 8
kqueuepl 184 673 0 662 9 3 6 6 0 8 5
pipepl 304 299 0 272 8 0 8 8 0 8 5
fdescpl 448 1529 0 1500 5 1 4 5 0 8 0
filepl 120 10627 0 10413 25 9 16 17 0 8 7
lockfpl 104 359 0 357 1 0 1 1 0 8 0
lockfspl 48 148 0 146 1 0 1 1 0 8 0
sessionpl 144 26 0 18 1 0 1 1 0 8 0
pgrppl 48 49 0 33 1 0 1 1 0 8 0
ucredpl 104 2109 0 2097 1 0 1 1 0 8 0
zombiepl 144 2024 0 2023 1 0 1 1 0 8 0
processpl 1152 1565 0 1501 5 0 5 5 0 8 0
procpl 664 3442 0 3368 8 0 8 8 0 8 1
sosppl 168 9 0 9 2 1 1 1 0 8 1
sockpl 552 2789 0 2757 32 21 11 24 0 8 7
mcl64k 65536 372 0 372 2 1 1 1 0 8 1
mcl16k 16384 2 0 2 2 1 1 1 0 8 1
mcl12k 12288 2 0 2 2 1 1 1 0 8 1
mcl9k 9216 2 0 2 1 0 1 1 0 8 1
mcl8k 8192 17 0 17 2 1 1 1 0 8 1
mcl4k 4096 3967 0 3913 14 5 9 13 0 8 2
mcl2k 2048 1970 0 1964 3 1 2 2 0 8 0
mtagpl 96 7 0 5 1 0 1 1 0 8 0
mbufpl 256 16743 0 16566 23 5 18 20 0 8 3
bufpl 280 7845 0 1623 445 0 445 445 0 8 0
anonpl 24 248845 0 245336 102 19 83 83 0 187 45
amapchunkpl 152 45509 0 45051 47 14 33 36 0 158 12
amappl16 200 4611 0 4575 39 26 13 27 0 8 8
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 4 0 4 1 1 0 1 0 8 0
amappl13 176 421 0 420 1 0 1 1 0 8 0
amappl12 168 1891 0 1853 2 0 2 2 0 8 0
amappl11 160 7 0 7 1 1 0 1 0 8 0
amappl10 152 44 0 34 1 0 1 1 0 8 0
amappl9 144 255 0 253 1 0 1 1 0 8 0
amappl8 136 23 0 21 1 0 1 1 0 8 0
amappl7 128 85 0 84 1 0 1 1 0 8 0
amappl6 120 291 0 279 1 0 1 1 0 8 0
amappl5 112 70 0 62 1 0 1 1 0 8 0
amappl4 104 401 0 376 1 0 1 1 0 8 0
amappl3 96 7743 0 7663 3 0 3 3 0 8 0
amappl2 88 1690 0 1617 2 0 2 2 0 8 0
amappl1 80 14426 0 13894 16 1 15 15 0 8 2
amappl 88 12096 0 11944 5 0 5 5 0 92 0
uvmvnodes 80 4556 0 0 93 0 93 93 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 1 1 0 1 0 8 0
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 17 0 1 1 0 1 1 0 8 0
uaddrrnd 24 1529 0 1500 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1529 0 1500 1 0 1 1 0 8 0
vmmpekpl 168 13819 0 13783 2 0 2 2 0 8 0
vmmpepl 168 103062 0 101270 111 6 105 105 0 357 18
vmsppl 368 1528 0 1500 4 1 3 4 0 8 0
rwobjpl 40 33061 0 27658 55 0 55 55 0 8 0
pdppl 4096 3064 0 3000 104 38 66 80 0 8 2
pvpl 32 688524 0 680093 214 40 174 174 0 265 76
pmappl 216 1528 0 1500 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 404 0 65 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
sys_semop(ffff80002a7cc548,ffff80003cc21140,ffff80003cc21090) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617
syscall(ffff80003cc21140) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003cc21140) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb0222e3f0, count: -3
ddb> machine ddbcpu 1
No such command
ddb> trace
sys_semop(ffff80002a7cc548,ffff80003cc21140,ffff80003cc21090) at sys_semop+0x3d5 sys/kern/sysv_sem.c:617
syscall(ffff80003cc21140) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003cc21140) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xeb0222e3f0, count: -3