panic: proc_dtor: non-empty p_ktr
cpuid = 0
time = 1750973743
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cbb350
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cbb4b0
vpanic() at vpanic+0x257/frame 0xfffffe0056cbb670
panic() at panic+0xb5/frame 0xfffffe0056cbb730
proc_dtor() at proc_dtor+0x532/frame 0xfffffe0056cbb780
item_dtor() at item_dtor+0xc3/frame 0xfffffe0056cbb7d0
uma_zfree_arg() at uma_zfree_arg+0x10a/frame 0xfffffe0056cbb870
proc_reap() at proc_reap+0xab4/frame 0xfffffe0056cbb8d0
proc_to_reap() at proc_to_reap+0x6e9/frame 0xfffffe0056cbb930
kern_wait6() at kern_wait6+0x34b/frame 0xfffffe0056cbba10
sys_wait4() at sys_wait4+0x1c4/frame 0xfffffe0056cbbd10
amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056cbbf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056cbbf30
--- syscall (7, FreeBSD ELF64, wait4), rip = 0x3a223a, rsp = 0x820c78498, rbp = 0x820c784d0 ---
KDB: enter: panic
[ thread pid 764 tid 100098 ]
Stopped at kdb_enter+0x6e: movq $0,0x25b9d27(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xfffffe0072600000
rdx 0x7ffff
rbx 0xffffffff827baf60 .str.27
rsp 0xfffffe0056cbb490
rbp 0xfffffe0056cbb4b0
rsi 0x80001
rdi 0xffffffff81618ad9 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe00540c1550
r12 0xfffffe00540c1000
r13 0xfffffffffffffffe
r14 0xffffffff827baf60 .str.27
r15 0
rip 0xffffffff8160266e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25b9d27(%rip)
db> show proc
Process 764 (syz-executor) at 0xfffffe0054007ae0:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 763 at 0xfffffe00540095c0
ABI: FreeBSD ELF64
flag: 0x10004000 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0007810b68
(map 0xfffffe0007810b68)
(map.pmap 0xfffffe0007810c08)
(pmap 0xfffffe0007810c78)
threads: 1
100098 Run CPU 0 syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
890 765 765 0 R (threaded) syz-executor
100188 RunQ syz-executor
100219 S uwait 0xfffffe006e51e500 syz-executor
889 767 767 0 R (threaded) syz-executor
100208 RunQ syz-executor
100214 S pipdwt 0xfffffe006e4d6000 syz-executor
100215 S uwait 0xfffffe006e51e400 syz-executor
100216 S uwait 0xfffffe006e51e200 syz-executor
888 766 766 0 R (threaded) syz-executor
100144 RunQ syz-executor
100217 S uwait 0xfffffe006e51e800 syz-executor
886 1 764 0 S uwait 0xfffffe0059648e00 syz-executor
882 1 767 0 S uwait 0xfffffe0059644480 syz-executor
873 1 766 0 S uwait 0xfffffe006e51ee80 syz-executor
869 1 765 0 S uwait 0xfffffe00584e9000 syz-executor
863 1 765 0 S uwait 0xfffffe0059648b00 syz-executor
862 1 764 0 SV uwait 0xfffffe0059646200 syz-executor
856 1 856 0 Ss+ ttyin 0xfffffe0057dfa8b0 getty
855 1 855 0 Ss+ ttyin 0xfffffe0053f6d0b0 getty
854 1 854 0 Ss+ ttyin 0xfffffe00582914b0 getty
853 1 853 0 Ss+ ttyin 0xfffffe0053f6d8b0 getty
852 1 852 0 Ss+ ttyin 0xfffffe0058291cb0 getty
851 1 851 0 Ss+ ttyin 0xfffffe00582924b0 getty
850 1 850 0 Ss+ ttyin 0xfffffe0053f6e0b0 getty
849 1 849 0 Ss+ ttyin 0xfffffe0053f6e8b0 getty
848 1 848 0 Ss+ ttyin 0xfffffe0053f6f0b0 getty
839 0 0 0 DL (threaded) [so_splice]
100097 D - 0xfffffe000776e380 [thr_0]
100148 D - 0xfffffe000776e3c0 [thr_1]
837 1 767 0 SV uwait 0xfffffe0059648480 syz-executor
822 813 822 0 Ss select 0xfffffe00596e7740 dhclient
813 1 424 65 S select 0xfffffe00596e79c0 dhclient
808 0 0 0 DL aiordy 0xfffffe0054009060 [aiod4]
807 0 0 0 DL aiordy 0xfffffe000780a060 [aiod3]
806 0 0 0 DL aiordy 0xfffffe0007809b00 [aiod2]
805 0 0 0 DL aiordy 0xfffffe0054006ac0 [aiod1]
767 763 767 0 R syz-executor
766 763 766 0 R syz-executor
765 763 765 0 R syz-executor
764 763 764 0 R CPU 0 syz-executor
763 761 761 0 R syz-executor
761 1 761 0 Ss sigsusp 0xfffffe00540d8670 csh
17 0 0 0 DL syncer 0xffffffff83cbafa0 [syncer]
16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru]
15 0 0 0 DL (threaded) [bufdaemon]
100080 D psleep 0xffffffff83cb9560 [bufdaemon]
100081 D - 0xffffffff83001ec0 [bufspacedaemon-0]
100095 D sdflush 0xfffffe00595948e8 [/ worker]
9 0 0 0 DL psleep 0xffffffff83d04400 [vmdaemon]
8 0 0 0 DL (threaded) [pagedaemon]
100078 D psleep 0xffffffff83cea4c8 [dom0]
100084 D launds 0xffffffff83cea4d4 [laundry: dom0]
100085 D umarcl 0xffffffff81dd8620 [uma]
7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq]
6 0 0 0 DL pftm 0xffffffff843b1980 [pf purge]
5 0 0 0 DL waiting 0xffffffff84743700 [sctp_iterator]
4 0 0 0 DL (threaded) [cam]
100046 D - 0xffffffff838e5340 [doneq0]
100047 D - 0xffffffff838e52c0 [async]
100076 D - 0xffffffff838e5140 [scanner]
3 0 0 0 DL (threaded) [crypto]
100043 D crypto_ 0xffffffff83ce5d80 [crypto]
100044 D crypto_ 0xfffffe0007a6fc30 [crypto returns 0]
100045 D crypto_ 0xfffffe0007a6fc80 [crypto returns 1]
14 0 0 0 DL seqstat 0xfffffe0053ff0088 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100037 D - 0xffffffff83b45f20 [g_event]
100038 D - 0xffffffff83b45f40 [g_up]
100039 D - 0xffffffff83b45f60 [g_down]
2 0 0 0 RL (threaded) [clock]
100031 I [clock (0)]
100032 Run CPU 1 [clock (1)]
12 0 0 0 WL (threaded) [intr]
100013 I [swi6: task queue]
100014 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100033 I [swi1: netisr 0]
100034 I [swi1: hpts]
100035 I [swi1: hpts]
100048 I [irq24: virtio_pci0]
100049 I [irq25: virtio_pci0]
100050 I [irq26: virtio_pci0]
100051 I [irq27: virtio_pci0]
100052 I [irq28: virtio_pci1]
100053 I [irq29: virtio_pci1]
100054 I [irq30: virtio_pci1]
100055 I [irq31: virtio_pci1]
100056 I [irq32: virtio_pci1]
100061 I [irq10: virtio_pci2]
100063 I [irq1: atkbd0]
100064 I [irq12: psm0]
100065 I [swi0: uart uart++]
100069 I [swi1: pf send]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffffe0007809040 [init]
10 0 0 0 DL audit_w 0xffffffff83ce6820 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D parked 0xffffffff84c36ff0 [swapper]
100005 D - 0xfffffe0053e9c800 [softirq_0]
100006 D - 0xfffffe0053e9c700 [softirq_1]
100007 D - 0xfffffe0053e9c600 [if_io_tqg_0]
100008 D - 0xfffffe0053e9c500 [if_io_tqg_1]
100009 D - 0xfffffe0053e9c400 [if_config_tqg_0]
100010 D - 0xfffffe0007769b00 [kqueue_ctx taskq]
100011 D - 0xfffffe0007769a00 [jail_remove taskq]
100012 D - 0xfffffe0007769900 [bus taskq]
100015 D - 0xfffffe0007769600 [thread taskq]
100017 D - 0xfffffe0007769400 [aiod_kick taskq]
100018 D - 0xfffffe0007769300 [deferred_unmount ta]
100019 D - 0xfffffe0007769200 [inm_free taskq]
100020 D - 0xfffffe0007769100 [in6m_free taskq]
100021 D - 0xfffffe0007769000 [linuxkpi_irq_wq]
100022 D - 0xfffffe0007768e00 [linuxkpi_short_wq_0]
100023 D - 0xfffffe0007768e00 [linuxkpi_short_wq_1]
100024 D - 0xfffffe0007768e00 [linuxkpi_short_wq_2]
100025 D - 0xfffffe0007768e00 [linuxkpi_short_wq_3]
100026 D - 0xfffffe0007768d00 [linuxkpi_long_wq_0]
100027 D - 0xfffffe0007768d00 [linuxkpi_long_wq_1]
100028 D - 0xfffffe0007768d00 [linuxkpi_long_wq_2]
100029 D - 0xfffffe0007768d00 [linuxkpi_long_wq_3]
100036 D - 0xfffffe0007768a00 [firmware taskq]
100041 D - 0xfffffe0007768700 [crypto_0]
100042 D - 0xfffffe0007768700 [crypto_1]
100057 D - 0xfffffe0007768300 [vtnet0 rxq 0]
100058 D - 0xfffffe0007768200 [vtnet0 txq 0]
100059 D - 0xfffffe0007768100 [vtnet0 rxq 1]
100060 D - 0xfffffe0007768000 [vtnet0 txq 1]
100062 D vtbslp 0xfffffe0057d7eb80 [virtio_balloon]
100066 D - 0xffffffff827c0300 [deadlkres]
100070 D - 0xfffffe00593dc300 [acpi_task_0]
100071 D - 0xfffffe00593dc300 [acpi_task_1]
100072 D - 0xfffffe00593dc300 [acpi_task_2]
100074 D - 0xfffffe0007769c00 [mca taskq]
100075 D - 0xfffffe0007768600 [CAM taskq]
100077 D - 0xfffffe0007767b00 [ipsec_offload]
db> show all locks
Process 763 (syz-executor) thread 0xfffffe00540e8780 (100109)
exclusive sleep mutex pipe mutex (pipe mutex) r = 0 (0xfffffe0059824f70) locked @ /syzkaller/managers/main/kernel/sys/kern/sys_pipe.c:1506
db>