kernel: protection fault trap, code=0 Stopped at sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_semop(ffff80003c98e570,ffff80003ca09d50,ffff80003ca09ca0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003ca09d50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca09d50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x509a3f900, count: -3 ddb> show registers rdi 0 rsi 0x1c rbp 0xffff80003ca09c80 rbx 0xdeaf4152deaf6546 rdx 0 rcx 0 rax 0xffff80003c98e570 r8 0x7f7fffffc000 r9 0 r10 0xfddb0219c9552cbe r11 0x54309e2088fcc557 r12 0x1c r13 0xfffffd806b5933f0 r14 0xffff80003ca09d50 r15 0x1c rip 0xffffffff8103a612 sys_semop+0x352 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003ca09b90 ss 0x10 sys_semop+0x352: movzwl 0x8(%rbx),%r15d ddb> show proc PROC (syz-executor) tid=235012 pid=55496 tcnt=2 stat=onproc flags process=1000 proc=4080000 runpri=81, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c98fa30 scnt=1 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c98fa30,0xffff80002a7f4a90 process=0xffff80003c9928b0 user=0xffff80003ca04000, vmspace=0xfffffd806ba31010 estcpu=31, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 25062 247009 914 0 2 0 syz-executor 25062 72983 914 0 3 0x4000080 fsleep syz-executor 25062 331405 914 0 3 0x4000080 fsleep syz-executor 47865 178077 6984 0 2 0 syz-executor 47865 166636 6984 0 3 0x4000080 fsleep syz-executor 47865 514260 6984 0 3 0x4000080 fsleep syz-executor 47865 50261 6984 0 3 0x4000080 fsleep syz-executor 42206 96063 61951 0 3 0x3000 suspend syz-executor 42206 289957 61951 0 2 0x4081000 syz-executor 84719 125858 59354 0 2 0 syz-executor 84719 253540 59354 0 3 0x4000080 kqsel syz-executor 84719 296111 59354 0 3 0x4000080 fsleep syz-executor 84719 495558 59354 0 3 0x4000080 fsleep syz-executor 55496 111350 68562 0 3 0x3000 suspend syz-executor *55496 235012 68562 0 7 0x4081000 syz-executor 71571 403065 0 0 3 0x14200 bored sosplice 44036 506953 0 0 3 0x14280 nfsidl nfsio 31719 53496 0 0 3 0x14280 nfsidl nfsio 7346 121351 0 0 3 0x14280 nfsidl nfsio 21200 22101 0 0 3 0x14280 nfsidl nfsio 76473 511522 0 0 3 0x14280 nfsidl nfsio 13773 310314 0 0 3 0x14280 nfsidl nfsio 39659 334962 0 0 3 0x14280 nfsidl nfsio 81665 494369 0 0 3 0x14280 nfsidl nfsio 4342 443224 0 0 3 0x14280 nfsidl nfsio 26594 439279 0 0 3 0x14280 nfsidl nfsio 95033 269834 0 0 3 0x14280 nfsidl nfsio 34179 134380 0 0 3 0x14280 nfsidl nfsio 3524 302462 0 0 3 0x14280 nfsidl nfsio 19511 53107 0 0 3 0x14280 nfsidl nfsio 63889 58921 0 0 3 0x14280 nfsidl nfsio 86083 324437 0 0 3 0x14280 nfsidl nfsio 65513 6817 0 0 3 0x14280 nfsidl nfsio 11866 1867 0 0 3 0x14280 nfsidl nfsio 44572 125444 0 0 3 0x14280 nfsidl nfsio 52086 84819 0 0 3 0x14280 nfsidl nfsio 6984 421053 59699 0 3 0x82 nanoslp syz-executor 59354 85217 59699 0 3 0x82 nanoslp syz-executor 61951 409171 59699 0 3 0x82 nanoslp syz-executor 70792 335657 59699 0 2 0x2 syz-executor 69642 281281 59699 0 3 0x82 nanoslp syz-executor 914 265124 59699 0 3 0x82 nanoslp syz-executor 68562 480274 59699 0 3 0x82 nanoslp syz-executor 58345 382980 59699 0 3 0x82 nanoslp syz-executor 59699 287521 77454 0 3 0x82 kqread syz-executor 77454 100910 56666 0 3 0x10008a sigsusp ksh 56666 191800 80155 0 3 0x98 kqread sshd-session 80155 39030 10956 0 3 0x92 kqread sshd-session 79025 514580 1 0 3 0x100083 ttyopn getty 10956 488732 1 0 3 0x88 kqread sshd 9663 153130 46821 73 3 0x1100090 kqread syslogd 46821 57836 1 0 3 0x100082 sbwait syslogd 6522 473676 1 0 3 0x100080 kqread resolvd 50185 163749 12619 77 3 0x100092 kqread dhcpleased 24102 207621 12619 77 3 0x100092 kqread dhcpleased 12619 470650 1 0 3 0x80 kqread dhcpleased 2287 144007 0 0 3 0x14200 bored smr 63660 26022 0 0 2 0x14200 zerothread 55316 71879 0 0 3 0x14200 aiodoned aiodoned 97210 281930 0 0 3 0x14200 syncer update 99910 177006 0 0 3 0x14200 cleaner cleaner 60001 133158 0 0 3 0x14200 reaper reaper 74820 497051 0 0 3 0x14200 pgdaemon pagedaemon 72114 377090 0 0 3 0x14200 bored viomb 156 277864 0 0 3 0x40014200 acpi0 acpi0 85888 167112 0 0 3 0x14200 bored softnet7 71545 140396 0 0 3 0x14200 bored softnet6 24442 205858 0 0 3 0x14200 bored softnet5 88181 16980 0 0 3 0x14200 bored softnet4 40544 489325 0 0 3 0x14200 bored softnet3 41357 23158 0 0 3 0x14200 bored softnet2 68535 410652 0 0 3 0x14200 bored softnet1 3723 148138 0 0 3 0x14200 bored softnet0 58186 465137 0 0 3 0x14200 bored systqmp 30939 207780 0 0 3 0x14200 bored systq 1863 356097 0 0 3 0x40014200 tmoslp softclock 67673 273104 0 0 3 0x40014200 idle0 1 190001 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10218 11076K 11399K 166960K 11750 0 pcb 17 13K 20K 166960K 158 0 rtable 216 7K 7K 166960K 416 0 pf 31 13K 17K 166960K 65 0 ifaddr 43 7K 8K 166960K 63 0 ifgroup 53 2K 2K 166960K 89 0 sysctl 3 1K 9K 166960K 12 0 counters 32 17K 18K 166960K 48 0 ioctlops 0 0K 4K 166960K 86 0 iov 0 0K 16K 166960K 22 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1432 90K 90K 166960K 1748 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 7 0 VM map 2 1K 1K 166960K 2 0 sem 11 0K 1K 166960K 15 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 449 0 sigio 0 0K 0K 166960K 9 0 proc 60 59K 91K 166960K 499 0 subproc 72 4K 4K 166960K 73 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 46 0 in_multi 99 7K 7K 166960K 122 0 ether_multi 1 0K 0K 166960K 2 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 2K 166960K 390 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 143K 152K 166960K 5623 0 UVM aobj 74 3K 3K 166960K 74 0 pinsyscall 38 76K 96K 166960K 1478 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 14 0 NDP 11 0K 2K 166960K 38 0 temp 39 8630K 8726K 166960K 12086 0 kqueue 14 22K 27K 166960K 87 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 94 0 91 2 0 2 2 0 8 1 rtentry 136 118 0 26 4 0 4 4 0 8 0 unpcb 144 246 0 228 2 0 2 2 0 8 1 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpqe 32 3 0 3 1 0 1 1 0 8 1 tcpcb 736 113 0 107 4 0 4 4 0 8 3 arp 88 13 0 2 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 328 419 0 404 4 0 4 4 0 8 2 ip6q 72 4 0 3 1 0 1 1 0 8 0 ip6af 40 7 0 6 1 0 1 1 0 8 0 nd6 104 19 0 2 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 11 0 11 1 0 1 1 0 8 1 pppxif 1384 2 0 2 1 0 1 1 0 8 1 pfrule 1344 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 573 0 127 30 0 30 30 0 8 0 art_table 40 576 0 127 5 0 5 5 0 8 0 art_node 32 118 0 42 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1 semapl 112 10 0 2 1 0 1 1 0 8 0 shmpl 112 71 0 0 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2206 0 713 95 0 95 95 0 8 0 ffsino 256 2206 0 713 95 0 95 95 0 8 0 nchpl 144 2816 0 1139 63 0 63 63 0 8 0 rtmask 32 1 0 1 1 0 1 1 0 8 1 uvmvnodes 80 2516 0 0 52 0 52 52 0 8 0 vnodes 216 2516 0 0 140 0 140 140 0 8 0 namei 1024 9451 0 9450 3 2 1 2 0 8 0 kstatmem 264 44 0 22 2 0 2 2 0 8 0 scsiplug 72 5 0 5 1 0 1 1 0 8 1 scxspl 216 10497 0 10497 15 7 8 8 1 8 8 plimitpl 152 123 0 106 1 0 1 1 0 8 0 sigapl 424 743 0 673 10 1 9 9 0 8 0 knotepl 120 14236 0 14187 10 0 10 10 0 8 8 kqueuepl 184 186 0 175 4 0 4 4 0 8 3 pipepl 304 126 0 97 3 0 3 3 0 8 0 fdescpl 448 702 0 673 5 1 4 5 0 8 0 filepl 120 4091 0 3868 11 0 11 11 0 8 3 lockfpl 104 315 0 312 2 0 2 2 0 8 1 lockfspl 48 66 0 63 1 0 1 1 0 8 0 sessionpl 144 23 0 15 1 0 1 1 0 8 0 pgrppl 48 106 0 90 1 0 1 1 0 8 0 ucredpl 104 536 0 524 1 0 1 1 0 8 0 zombiepl 144 877 0 872 1 0 1 1 0 8 0 processpl 1152 743 0 673 7 1 6 6 0 8 0 procpl 664 1291 0 1210 9 1 8 8 0 8 0 sosppl 168 1 0 1 1 0 1 1 0 8 1 sockpl 552 830 0 794 7 0 7 7 0 8 3 mcl64k 65536 45 0 45 1 0 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 12 0 12 2 1 1 1 0 8 1 mcl4k 4096 2897 0 2847 14 7 7 14 0 8 0 mcl2k 2048 850 0 848 10 2 8 9 0 8 7 mtagpl 96 7 0 6 2 1 1 1 0 8 0 mbufpl 256 7842 0 7656 41 20 21 41 0 8 6 bufpl 280 4514 0 118 314 0 314 314 0 8 0 anonpl 24 137353 0 134081 56 12 44 44 0 187 16 amapchunkpl 152 18091 0 17551 32 5 27 27 0 158 6 amappl16 200 2488 0 2458 18 4 14 15 0 8 11 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 129 0 119 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1318 0 1289 3 1 2 3 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 54 0 54 1 1 0 1 0 8 0 amappl9 144 272 0 272 1 1 0 1 0 8 0 amappl8 136 21 0 20 1 0 1 1 0 8 0 amappl7 128 104 0 94 1 0 1 1 0 8 0 amappl6 120 172 0 169 1 0 1 1 0 8 0 amappl5 112 132 0 125 1 0 1 1 0 8 0 amappl4 104 281 0 264 1 0 1 1 0 8 0 amappl3 96 3289 0 3168 4 0 4 4 0 8 0 amappl2 88 631 0 576 2 0 2 2 0 8 0 amappl1 80 9650 0 9099 15 1 14 14 0 8 1 amappl 88 4912 0 4730 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 73 0 0 2 0 2 2 0 8 0 uaddrrnd 24 702 0 673 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 702 0 673 1 0 1 1 0 8 0 vmmpekpl 168 7244 0 7212 2 0 2 2 0 8 0 vmmpepl 168 50938 0 49048 91 1 90 90 0 357 3 vmsppl 368 701 0 673 4 1 3 4 0 8 0 rwobjpl 40 18925 0 15456 37 0 37 37 0 8 0 pdppl 4096 1410 0 1346 102 34 68 82 0 8 4 pvpl 32 331524 0 323040 123 15 108 108 0 265 24 pmappl 216 701 0 673 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 417 0 71 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_semop(ffff80003c98e570,ffff80003ca09d50,ffff80003ca09ca0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003ca09d50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca09d50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x509a3f900, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_semop(ffff80003c98e570,ffff80003ca09d50,ffff80003ca09ca0) at sys_semop+0x352 sys/kern/sysv_sem.c:622 syscall(ffff80003ca09d50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003ca09d50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x509a3f900, count: -3