As written now, it copies random kernel memory from beyond the bounds of the array.
While there, use designated initialisers for seminfo, and add assert in sem_remove() that sema is sane. [These will be separate commits].
Reported and tested by: pho