kernel: protection fault trap, code=0 Stopped at sys_semop+0x3ae: movzwl 0x8(%rax,%rcx,4),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff80002a7acf78,ffff80003c9676c0,ffff80003c967610) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80003c9676c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9676c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21027a5a950, count: -3 ddb> show registers rdi 0 rsi 0x7 rbp 0xffff80003c9675e0 rbx 0 rdx 0 rcx 0 rax 0xdeafbeaddeafbead r8 0x7f7fffffc000 r9 0 r10 0x802633e1fe583521 r11 0x5c28f6b8ebed86c8 r12 0xffff8000014ca504 r13 0x7 r14 0xffff80003c9676c0 r15 0x7 rip 0xffffffff82069a9e sys_semop+0x3ae cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c9674c0 ss 0x10 sys_semop+0x3ae: movzwl 0x8(%rax,%rcx,4),%r15d ddb> show proc PROC (syz-executor) tid=408845 pid=44373 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7ac018,0xffff80002a7ad9c8 process=0xffff8000ffff9e80 user=0xffff80003c962000, vmspace=0xfffffd806c08b2e0 estcpu=0, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 37597 342142 96661 0 2 0 syz-executor 37597 319677 96661 0 2 0x4000000 syz-executor 16107 42966 47121 0 2 0 syz-executor 16107 74643 47121 0 2 0x4000000 syz-executor 17063 93815 18830 0 2 0 syz-executor 17063 77177 18830 0 2 0x4000000 syz-executor 44373 519847 57550 0 2 0 syz-executor *44373 408845 57550 0 7 0x4000000 syz-executor 44373 112396 57550 0 2 0x4000000 syz-executor 44373 516252 57550 0 3 0x4000080 fsleep syz-executor 14879 165560 56606 0 2 0 syz-executor 14879 83615 56606 0 2 0x4000000 syz-executor 48297 163652 16130 0 2 0 syz-executor 48297 179284 16130 0 2 0x4000000 syz-executor 52747 265535 86836 0 2 0 syz-executor 52747 320298 86836 0 2 0x4000000 syz-executor 48424 225330 15670 0 2 0 syz-executor 48424 338850 15670 0 2 0x4000000 syz-executor 48424 133061 15670 0 3 0x4000080 fsleep syz-executor 48424 430242 15670 0 3 0x4000080 fsleep syz-executor 23732 13859 0 0 3 0x14200 bored sosplice 15670 401698 72981 0 3 0x82 nanoslp syz-executor 16130 47445 72981 0 3 0x82 nanoslp syz-executor 18830 253006 72981 0 3 0x82 nanoslp syz-executor 86836 246121 72981 0 3 0x82 nanoslp syz-executor 57550 313877 72981 0 3 0x82 nanoslp syz-executor 96661 467499 72981 0 3 0x82 nanoslp syz-executor 56606 428822 72981 0 3 0x82 nanoslp syz-executor 47121 109445 72981 0 3 0x82 nanoslp syz-executor 72981 64600 80342 0 3 0x82 kqread syz-executor 80342 83347 61912 0 3 0x10008a sigsusp ksh 61912 55618 19222 0 3 0x98 kqread sshd-session 19222 202665 19101 0 3 0x92 kqread sshd-session 69591 378872 1 0 3 0x100083 ttyin getty 19101 399600 1 0 3 0x88 kqread sshd 91995 26014 72424 73 3 0x1100090 kqread syslogd 72424 130928 1 0 3 0x100082 sbwait syslogd 29957 319568 1 0 3 0x100080 kqread resolvd 64567 384342 19120 77 3 0x100092 kqread dhcpleased 90937 457146 19120 77 3 0x100092 kqread dhcpleased 19120 61676 1 0 3 0x80 kqread dhcpleased 27297 287108 0 0 3 0x14200 bored smr 22154 518561 0 0 2 0x14200 zerothread 56559 48702 0 0 3 0x14200 aiodoned aiodoned 31446 482666 0 0 3 0x14200 syncer update 89904 38160 0 0 3 0x14200 cleaner cleaner 59626 11124 0 0 3 0x14200 reaper reaper 34957 492983 0 0 3 0x14200 pgdaemon pagedaemon 22372 166929 0 0 3 0x14200 bored viomb 84230 163549 0 0 3 0x40014200 acpi0 acpi0 37599 504908 0 0 3 0x14200 bored softnet3 34487 286157 0 0 3 0x14200 bored softnet2 97145 89993 0 0 3 0x14200 bored softnet1 64437 17391 0 0 3 0x14200 bored softnet0 86741 27687 0 0 3 0x14200 bored systqmp 75527 307012 0 0 3 0x14200 bored systq 55567 170783 0 0 3 0x40014200 tmoslp softclock 82593 2193 0 0 3 0x40014200 idle0 1 58878 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10174 11107K 11446K 166960K 11423 0 pcb 17 12K 12K 166960K 26 0 rtable 241 7K 8K 166960K 377 0 pf 30 12K 14K 166960K 43 0 ifaddr 42 7K 8K 166960K 54 0 ifgroup 50 2K 2K 166960K 68 0 sysctl 1 1K 1K 166960K 1 0 counters 30 17K 18K 166960K 41 0 ioctlops 0 0K 4K 166960K 42 0 iov 0 0K 12K 166960K 3 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1341 84K 85K 166960K 1411 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 3 1K 1K 166960K 6 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 206 0 proc 60 59K 116K 166960K 480 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 7 0 in_multi 99 7K 7K 166960K 106 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 55 254K 254K 166960K 55 0 exec 0 0K 1K 166960K 357 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 232 152K 162K 166960K 3427 0 UVM aobj 6 2K 2K 166960K 6 0 pinsyscall 39 78K 94K 166960K 1250 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 4 0 NDP 11 0K 2K 166960K 32 0 temp 36 8674K 8738K 166960K 4068 0 kqueue 15 24K 30K 166960K 53 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 42 0 39 1 0 1 1 0 8 0 rtentry 136 115 0 4 4 0 4 4 0 8 0 unpcb 144 80 0 61 2 1 1 2 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpcb 808 20 0 16 1 0 1 1 0 8 0 arp 88 18 0 0 1 0 1 1 0 8 0 inpcb 344 107 0 97 2 1 1 2 0 8 0 nd6 104 25 0 0 1 0 1 1 0 8 0 pkpcb 40 131 0 130 2 1 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 8 0 8 1 1 0 1 0 8 0 pppxif 1384 3 0 3 1 1 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfrule 1344 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 466 0 12 29 0 29 29 0 8 0 art_table 32 467 0 12 4 0 4 4 0 8 0 art_node 16 113 0 12 1 0 1 1 0 8 0 semapl 112 1 0 1 1 0 1 1 0 8 1 shmpl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1674 0 170 95 0 95 95 0 8 0 ffsino 248 1674 0 170 95 0 95 95 0 8 0 nchpl 144 1957 0 280 63 0 63 63 0 8 0 uvmvnodes 80 1791 0 0 37 0 37 37 0 8 0 vnodes 216 1792 0 0 100 0 100 100 0 8 0 namei 1024 5813 0 5810 2 1 1 2 0 8 0 kstatmem 264 32 0 10 2 0 2 2 0 8 0 scxspl 216 6249 0 6249 3 2 1 3 1 8 1 plimitpl 152 35 0 19 1 0 1 1 0 8 0 sigapl 424 490 0 443 6 0 6 6 0 8 0 futexpl 64 1198 0 1194 1 0 1 1 0 8 0 knotepl 120 6242 0 5943 10 0 10 10 0 8 0 kqueuepl 184 55 0 43 1 0 1 1 0 8 0 pipepl 296 104 0 76 3 0 3 3 0 8 0 fdescpl 440 473 0 443 5 1 4 5 0 8 0 filepl 120 1830 0 1609 9 2 7 9 0 8 0 lockfpl 104 17 0 15 1 0 1 1 0 8 0 lockfspl 48 10 0 8 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 30 0 14 1 0 1 1 0 8 0 ucredpl 104 132 0 121 1 0 1 1 0 8 0 zombiepl 144 448 0 448 1 0 1 1 0 8 1 processpl 1112 490 0 443 4 0 4 4 0 8 0 procpl 656 593 0 534 7 1 6 6 0 8 0 sosppl 168 2 0 2 1 1 0 1 0 8 0 sockpl 528 360 0 327 7 4 3 7 0 8 0 mcl64k 65536 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 5 0 5 1 1 0 1 0 8 0 mcl4k 4096 2523 0 2473 14 7 7 14 0 8 0 mcl2k 2048 180 0 179 2 1 1 2 0 8 0 mtagpl 96 110 0 4 3 0 3 3 0 8 0 mbufpl 256 4795 0 4537 17 0 17 17 0 8 0 bufpl 280 2468 0 118 168 0 168 168 0 8 0 anonpl 24 108691 0 103520 54 22 32 44 0 187 0 amapchunkpl 152 10258 0 9625 31 6 25 25 0 158 0 amappl16 200 2232 0 2205 14 11 3 14 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 110 0 100 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 1086 0 1056 3 1 2 3 0 8 0 amappl11 160 43 0 33 1 0 1 1 0 8 0 amappl10 152 30 0 30 1 1 0 1 0 8 0 amappl9 144 235 0 235 1 1 0 1 0 8 0 amappl8 136 43 0 42 1 0 1 1 0 8 0 amappl7 128 106 0 96 1 0 1 1 0 8 0 amappl6 120 174 0 170 1 0 1 1 0 8 0 amappl5 112 128 0 122 1 0 1 1 0 8 0 amappl4 104 297 0 281 1 0 1 1 0 8 0 amappl3 96 1635 0 1520 3 0 3 3 0 8 0 amappl2 88 627 0 569 2 0 2 2 0 8 0 amappl1 80 8411 0 7864 13 0 13 13 0 8 0 amappl 88 2757 0 2589 4 0 4 4 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 473 0 443 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 473 0 443 1 0 1 1 0 8 0 vmmpekpl 168 5501 0 5467 2 0 2 2 0 8 0 vmmpepl 168 37150 0 35266 92 9 83 91 0 357 0 vmsppl 360 472 0 443 4 1 3 4 0 8 0 rwobjpl 32 15027 0 12378 23 0 23 23 0 8 0 pdppl 4096 952 0 886 98 32 66 80 0 8 0 pvpl 32 238234 0 227691 112 24 88 99 0 265 0 pmappl 216 472 0 443 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 269 0 47 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff80002a7acf78,ffff80003c9676c0,ffff80003c967610) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80003c9676c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9676c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21027a5a950, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff80002a7acf78,ffff80003c9676c0,ffff80003c967610) at sys_semop+0x3ae sys/kern/sysv_sem.c:620 syscall(ffff80003c9676c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9676c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x21027a5a950, count: -3