panic: mq notifiers left cpuid = 1 time = 6 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056d01810 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056d01970 vpanic() at vpanic+0x257/frame 0xfffffe0056d01b30 panic() at panic+0xb5/frame 0xfffffe0056d01c00 mq_proc_exit() at mq_proc_exit+0x1cc/frame 0xfffffe0056d01c50 exit1() at exit1+0x62b/frame 0xfffffe0056d01cf0 sys_exit() at sys_exit+0x28/frame 0xfffffe0056d01d10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056d01f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056d01f30 --- syscall (1, FreeBSD ELF64, exit), rip = 0x3a1e9a, rsp = 0x821068fc8, rbp = 0x821068fd0 --- KDB: enter: panic [ thread pid 1054 tid 100087 ] Stopped at kdb_enter+0x6e: movq $0,0x25c3b67(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff827be6c0 .str.27 rsp 0xfffffe0056d01950 rbp 0xfffffe0056d01970 rsi 0 rdi 0xffffffff81611af9 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0 r12 0xfffffe00540aa780 r13 0xfffffffffffffffd r14 0xffffffff827be6c0 .str.27 r15 0 rip 0xffffffff815fb62e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25c3b67(%rip) db> show proc Process 1054 (syz-executor) at 0xfffffe00540055c0: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 764 at 0xfffffe00540a65a0 ABI: FreeBSD ELF64 flag: 0x10002000 flag2: 0x40000 arguments: ./syz-executor exec reaper: 0xfffffe0007809040 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe0054158000 (map 0xfffffe0054158000) (map.pmap 0xfffffe00541580a0) (pmap 0xfffffe0054158110) threads: 1 100087 Run CPU 1 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 1056 763 763 0 R (threaded) syz-executor 100386 RunQ syz-executor 100435 S fifoor 0xfffffe0007738dc8 syz-executor 1055 765 765 0 R (threaded) syz-executor 100088 RunQ syz-executor 100431 D biowr 0xfffffe0007d01c58 syz-executor 100433 S uwait 0xfffffe00776c1e00 syz-executor 1054 764 764 0 RE CPU 1 syz-executor 1053 1050 1050 0 S uwait 0xfffffe00776c1b80 syz-executor 1052 1050 766 0 S uwait 0xfffffe00776c1a00 syz-executor 1051 1050 766 0 S uwait 0xfffffe00776c1900 syz-executor 1050 766 1050 0 S (threaded) syz-executor 100205 S nanslp 0xffffffff83ba0340 syz-executor 100420 S select 0xfffffe0057e036c0 syz-executor 100424 S uwait 0xfffffe00776c1800 syz-executor 1045 1 766 0 S uwait 0xfffffe0057d92980 syz-executor 1042 1 765 0 S uwait 0xfffffe0057d92880 syz-executor 1037 781 423 0 S nanslp 0xffffffff83ba0341 sleep 1035 1 1035 0 Ss+ ttyin 0xfffffe0053fdacb0 getty 1034 1 1034 0 Ss+ ttyin 0xfffffe005861d4b0 getty 1033 1 1033 0 Ss+ ttyin 0xfffffe005861d8b0 getty 1032 1 1032 0 Ss+ ttyin 0xfffffe005861dcb0 getty 1031 1 1031 0 Ss+ ttyin 0xfffffe0053fd9cb0 getty 1027 1 1027 0 Ss+ ttyin 0xfffffe005861e0b0 getty 1026 1 1026 0 Ss+ ttyin 0xfffffe005861e4b0 getty 1024 1 1024 0 Ss+ ttyin 0xfffffe005861e8b0 getty 1023 1 1023 0 Ss+ ttyin 0xfffffe005861ecb0 getty 1022 1 763 0 S uwait 0xfffffe00776c2380 syz-executor 1020 1 763 0 S uwait 0xfffffe006dec4480 syz-executor 1011 0 0 0 DL aiordy 0xfffffe0054136020 [aiod21] 1010 0 0 0 DL aiordy 0xfffffe0054136580 [aiod20] 1009 0 0 0 DL aiordy 0xfffffe0054136ae0 [aiod19] 1008 0 0 0 DL aiordy 0xfffffe0054137040 [aiod18] 1007 0 0 0 DL aiordy 0xfffffe005410b060 [aiod17] 1006 0 0 0 DL aiordy 0xfffffe005410b5c0 [aiod16] 1005 0 0 0 DL aiordy 0xfffffe005412d000 [aiod15] 1004 0 0 0 DL aiordy 0xfffffe00541375a0 [aiod14] 1003 0 0 0 DL aiordy 0xfffffe0054137b00 [aiod13] 1002 0 0 0 DL aiordy 0xfffffe0054138060 [aiod12] 1001 0 0 0 DL aiordy 0xfffffe005412d560 [aiod11] 1000 0 0 0 DL aiordy 0xfffffe00541385c0 [aiod10] 999 0 0 0 DL aiordy 0xfffffe005412f040 [aiod9] 998 0 0 0 DL aiordy 0xfffffe005412f5a0 [aiod8] 997 0 0 0 DL aiordy 0xfffffe0054135000 [aiod7] 996 0 0 0 DL aiordy 0xfffffe005412dac0 [aiod6] 995 0 0 0 DL aiordy 0xfffffe005412eae0 [aiod5] 982 1 764 0 S uwait 0xfffffe00776c2080 syz-executor 981 1 763 0 S uwait 0xfffffe0057cfb300 syz-executor 977 1 764 0 S uwait 0xfffffe0057d8fd00 syz-executor 975 1 763 0 S uwait 0xfffffe00776c2180 syz-executor 970 0 0 0 DL - 0xffffffff83cb0400 [soaiod4] 969 0 0 0 DL - 0xffffffff83cb0400 [soaiod3] 968 0 0 0 DL - 0xffffffff83cb0400 [soaiod2] 967 0 0 0 DL - 0xffffffff83cb0400 [soaiod1] 955 1 763 0 S uwait 0xfffffe00584f1580 syz-executor 948 1 764 0 S uwait 0xfffffe0057d8f400 syz-executor 943 1 764 60928 S uwait 0xfffffe006dec5300 syz-executor 939 1 766 0 S uwait 0xfffffe00584f2d80 syz-executor 937 1 766 0 S uwait 0xfffffe006dec5600 syz-executor 934 1 764 0 S uwait 0xfffffe00584f2300 syz-executor 930 1 765 0 S uwait 0xfffffe0057d90380 syz-executor 929 1 766 0 S uwait 0xfffffe0057d8f000 syz-executor 921 1 766 0 S uwait 0xfffffe006dec5680 syz-executor 915 1 765 0 S uwait 0xfffffe0057cfb580 syz-executor 913 1 766 0 S uwait 0xfffffe00584f2080 syz-executor 909 1 764 0 S uwait 0xfffffe00584f2880 syz-executor 898 1 764 0 S uwait 0xfffffe00584f1080 syz-executor 886 1 766 60928 S uwait 0xfffffe0057d8f800 syz-executor 849 0 0 0 DL (threaded) [KTLS] 100136 D - 0xfffffe005969aa00 [thr_0] 100151 D - 0xfffffe005969aa80 [thr_1] 100152 D - 0xffffffff83cb1c28 [reclaim_0] 834 1 765 0 S uwait 0xfffffe00584f1180 syz-executor 813 0 0 0 DL aiordy 0xfffffe005410a5a0 [aiod4] 812 0 0 0 DL aiordy 0xfffffe005410ab00 [aiod3] 810 0 0 0 DL aiordy 0xfffffe00540ec5c0 [aiod2] 809 0 0 0 DL aiordy 0xfffffe00540ec060 [aiod1] 781 1 423 0 S wait 0xfffffe00540d15a0 sh 766 762 766 0 S nanslp 0xffffffff83ba0341 syz-executor 765 762 765 0 S nanslp 0xffffffff83ba0341 syz-executor 764 762 764 0 S nanslp 0xffffffff83ba0341 syz-executor 763 762 763 0 S nanslp 0xffffffff83ba0340 syz-executor 762 760 760 0 S select 0xfffffe0057e037c0 syz-executor 760 1 760 0 Ss sigsusp 0xfffffe00540d0b90 csh 16 0 0 0 DL syncer 0xffffffff83cbde20 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a060 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cbc360 [bufdaemon] 100080 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100093 D sdflush 0xfffffe00596814e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d07280 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83ced348 [dom0] 100083 D launds 0xffffffff83ced354 [laundry: dom0] 100084 D umarcl 0xffffffff81ddd940 [uma] 7 0 0 0 DL - 0xffffffff83918cd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff8477c9e0 [pf purge] 5 0 0 0 DL waiting 0xffffffff844a0700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838e3340 [doneq0] 100046 D - 0xffffffff838e32c0 [async] 100075 D - 0xffffffff838e3140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83ce8c00 [crypto] 100043 D crypto_ 0xfffffe0053ed8730 [crypto returns 0] 100044 D crypto_ 0xfffffe0053ed8780 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b48d00 [g_event] 100038 D - 0xffffffff83b48d20 [g_up] 100039 D - 0xffffffff83b48d40 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 Run CPU -1 [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce96a0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c35ff0 [swapper] 100005 D - 0xfffffe00083fc000 [softirq_0] 100006 D - 0xfffffe00083fbe00 [softirq_1] 100007 D - 0xfffffe00083fbd00 [if_io_tqg_0] 100008 D - 0xfffffe00083fbc00 [if_io_tqg_1] 100009 D - 0xfffffe00083fbb00 [if_config_tqg_0] 100010 D - 0xfffffe00083fba00 [kqueue_ctx taskq] 100011 D - 0xfffffe00083fb900 [jail_remove taskq] 100012 D - 0xfffffe00083fb800 [bus taskq] 100015 D - 0xfffffe00083fb500 [thread taskq] 100017 D - 0xfffffe00083fb300 [aiod_kick taskq] 100018 D - 0xfffffe00083fb200 [deferred_unmount ta] 100019 D - 0xfffffe00083fb100 [inm_free taskq] 100020 D - 0xfffffe00083fb000 [in6m_free taskq] 100021 D - 0xfffffe00083fae00 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083fad00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083fad00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083fad00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00083fad00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083fac00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083fac00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083fac00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00083fac00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083fab00 [firmware taskq] 100040 D - 0xfffffe00083faa00 [crypto_0] 100041 D - 0xfffffe00083faa00 [crypto_1] 100056 D - 0xfffffe00083fa800 [vtnet0 rxq 0] 100057 D - 0xfffffe00083fa700 [vtnet0 txq 0] 100058 D - 0xfffffe00083fa600 [vtnet0 rxq 1] 100059 D - 0xfffffe00083fa500 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057e03c80 [virtio_balloon] 100065 D - 0xffffffff827c3aa0 [deadlkres] 100069 D - 0xfffffe00593e5300 [acpi_task_0] 100070 D - 0xfffffe00593e5300 [acpi_task_1] 100071 D - 0xfffffe00593e5300 [acpi_task_2] 100073 D - 0xfffffe00083fc100 [mca taskq] 100074 D - 0xfffffe00083fa900 [CAM taskq] 100076 D - 0xfffffe00083fa300 [ipsec_offload] 100315 D - 0xfffffe00593e4700 [netlink_socket (PID] db> show all locks Process 1055 (syz-executor) thread 0xfffffe00540d6780 (100431) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007d01cd8) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_vnops.c:328 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe00777cf598) locked @ /syzkaller/managers/main/kernel/sys/ufs/ufs/ufs_vnops.c:1311 exclusive lockmgr rename (rename) r = 0 (0xfffffe005409fb90) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_syscalls.c:3838 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 376 5071K 644 tcp_hpts 7 4801K 7 devbuf 4187 4323K 4213 sysctloid 35104 2068K 35296 vtbuf 24 1968K 46 kobj 330 1320K 507 newblk 18 1029K 1697 vfscache 3 1025K 3 pcb 41 683K 174 filedesc 67 534K 363 inodedep 15 518K 356 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 subproc 202 402K 1169 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 7856 acpica 1674 184K 54438 vmem 5 144K 6 tidhash 3 141K 3 pagedep 12 131K 170 tfo_ccache 1 128K 1 IP reass 1 128K 1 sem 4 106K 4 DEVFS1 106 106K 124 gtaskqueue 18 98K 18 bus 1004 82K 5082 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 521 66K 526 ddb_capture 1 64K 1 kdtrace 265 50K 1494 umtx 384 48K 384 hostcache 1 32K 1 shm 1 32K 4 DEVFS3 125 32K 136 msg 4 30K 4 kbdmux 6 28K 6 temp 33 23K 3000 DEVFS_RULE 56 20K 56 ifaddr 66 19K 68 ufs_mount 4 17K 5 proc 3 17K 3 LRO 16 17K 16 tty 16 16K 16 routetbl 124 16K 395 ithread 90 15K 90 bus-sc 34 15K 1653 lltable 45 14K 45 eventhandler 163 14K 163 ifnet 7 13K 7 ether_multi 152 13K 167 kenv 95 12K 95 GEOM 61 11K 509 CAM queue 5 11K 1528 rman 82 10K 457 shmfd 4 10K 10 rpc 8 9K 8 in6_multi 65 9K 66 bmsafemap 2 9K 289 devstat 4 9K 4 UART 12 9K 12 ksem 1 8K 1 filemon 1 8K 6 pfs_vncache 1 8K 1 audit_evclass 240 8K 303 taskqueue 72 8K 96 kqueue 97 8K 1314 plimit 19 8K 613 sglist 6 7K 6 CAM DEV 3 6K 510 cred 23 6K 303 pwddesc 90 6K 1072 pfs_nodes 22 6K 22 ufs_dirhash 24 5K 24 UMA 268 5K 269 pf_ifnet 10 5K 19 tcp_fsb_rack 2 5K 4 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 acpisem 28 4K 28 ip6opt 7 4K 24 inpcbpolicy 99 4K 410 mount 20 4K 754 crypto 6 3K 38 DEVFSP 46 3K 86 terminal 11 3K 11 acpidev 20 3K 20 uidinfo 4 3K 13 hhook 8 3K 10 sctp_atcl 6 3K 39 clone 9 3K 9 kcovinfo 36 3K 36 proc-args 82 3K 2113 pf_rule 1 2K 2 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 ip6ndp 12 2K