login: panic: thread with borrowed priority returning to userland
cpuid = 1
time = 1591124117
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025a86990
vpanic() at vpanic+0x1c7/frame 0xfffffe0025a869f0
panic() at panic+0x43/frame 0xfffffe0025a86a50
userret() at userret+0x745/frame 0xfffffe0025a86ac0
amd64_syscall() at amd64_syscall+0x399/frame 0xfffffe0025a86bf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0025a86bf0
--- syscall (224, FreeBSD ELF64, freebsd7_msgctl), rip = 0x28289a, rsp = 0x7fffdff9af08, rbp = 0x7fffdff9af70 ---
KDB: enter: panic
[ thread pid 990 tid 100441 ]
Stopped at kdb_enter+0x67: movq $0,0x14a7376(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff81901317
rbx 0
rsp 0xfffffe0025a86970
rbp 0xfffffe0025a86990
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe0025884a00
r12 0xffffffff82068e30 ddb_dbbe
r13 0
r14 0xffffffff819a5370
r15 0xffffffff819a5370
rip 0xffffffff810b32f7 kdb_enter+0x67
rflags 0x82 ll+0x61
kdb_enter+0x67: movq $0,0x14a7376(%rip)
db> show proc
Process 990 (syz-executor.0) at 0xfffff8000c886a40:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 781 at 0xfffff80003d7b000
ABI: FreeBSD ELF64
arguments: /root/syz-executor.0
reaper: 0xfffff80003314000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe0023be5000
(map 0xfffffe0023be5000)
(map.pmap 0xfffffe0023be50c0)
(pmap 0xfffffe0023be5120)
threads: 2
100131 s syz-executor.0
100441 Run CPU 1 syz-executor.0
db> ps
pid ppid pgrp uid state wmesg wchan cmd
993 784 784 0 S (threaded) syz-executor.2
100228 S nanslp 0xffffffff8252efe0 syz-executor.2
100438 S connec 0xfffffe00239d80f0 syz-executor.2
100439 S uwait 0xfffff8000c808700 syz-executor.2
992 790 790 0 S (threaded) syz-executor.3
100307 S nanslp 0xffffffff8252efe0 syz-executor.3
100434 S connec 0xfffffe001cfc9d30 syz-executor.3
100435 S uwait 0xfffff8000c808f00 syz-executor.3
991 783 783 0 S (threaded) syz-executor.1
100375 S nanslp 0xffffffff8252efe0 syz-executor.1
100430 S connec 0xfffffe001cfc8b88 syz-executor.1
100431 S uwait 0xfffff80003464380 syz-executor.1
990 781 781 0 T (threaded) syz-executor.0
100131 s syz-executor.0
100441 Run CPU 1 syz-executor.0
981 974 981 0 Ss select 0xfffff8000356fe40 dhclient
977 1 977 0 Ss select 0xfffff80003a978c0 dhclient
974 965 424 65 S select 0xfffff8000356fac0 dhclient
965 424 424 0 S wait 0xfffff80003e13a40 sh
790 779 790 0 Ss nanslp 0xffffffff8252efe0 syz-executor.3
784 779 784 0 Rs syz-executor.2
783 779 783 0 Rs syz-executor.1
781 779 781 0 Ss nanslp 0xffffffff8252efe0 syz-executor.0
779 777 777 0 S (threaded) syz-execprog
100090 S uwait 0xfffff80003829400 syz-execprog
100109 S uwait 0xfffff80003829e80 syz-execprog
100110 S kqread 0xfffff80003d78000 syz-execprog
100111 S uwait 0xfffff80003829d80 syz-execprog
100112 S uwait 0xfffff80003464580 syz-execprog
100113 S uwait 0xfffff80003464680 syz-execprog
100114 S uwait 0xfffff80003464780 syz-execprog
100115 S uwait 0xfffff80003464880 syz-execprog
100116 S uwait 0xfffff80003a82800 syz-execprog
777 775 777 0 Ss pause 0xfffff80003d7b5c8 csh
775 682 775 0 Ss select 0xfffff8000355c840 sshd
749 1 749 0 Ss+ ttyin 0xfffff8000383ecb0 getty
748 1 748 0 Ss+ ttyin 0xfffff80003ba30b0 getty
747 1 747 0 Ss+ ttyin 0xfffff80003ba34b0 getty
746 1 746 0 Ss+ ttyin 0xfffff80003ba38b0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003ba3cb0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003ba20b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003ba24b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003ba28b0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003ba2cb0 getty
739 1 24 0 S+ piperd 0xfffff8000c1568e8 logger
738 737 24 0 S+ nanslp 0xffffffff8252efe1 sleep
737 1 24 0 S+ wait 0xfffff80003d85a40 sh
686 1 686 0 Ss nanslp 0xffffffff8252efe1 cron
682 1 682 0 Ss select 0xfffff80003a96cc0 sshd
495 1 495 0 Ss select 0xfffff8000355dc40 syslogd
424 1 424 0 Ss wait 0xfffff80003d0e000 devd
423 1 423 65 Ss select 0xfffff80003a96d40 dhclient
338 1 338 0 Ss select 0xfffff80003a96b40 dhclient
335 1 335 0 Ss select 0xfffff80003a96bc0 dhclient
23 0 0 0 DL syncer 0xffffffff8261af18 [syncer]
22 0 0 0 DL vlruwt 0xfffff800033d7a40 [vnlru]
21 0 0 0 DL (threaded) [bufdaemon]
100069 D qsleep 0xffffffff8261a230 [bufdaemon]
100076 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100086 D sdflush 0xfffff80003c630e8 [/ worker]
20 0 0 0 DL psleep 0xffffffff82641248 [vmdaemon]
19 0 0 0 DL (threaded) [pagedaemon]
100067 D psleep 0xffffffff826356d8 [dom0]
100074 D launds 0xffffffff826356e4 [laundry: dom0]
100075 D umarcl 0xffffffff8154c390 [uma]
18 0 0 0 DL - 0xffffffff82362c58 [rand_harvestq]
17 0 0 0 DL pftm 0xffffffff82b5d3a0 [pf purge]
16 0 0 0 DL waiting 0xffffffff8261d690 [sctp_iterator]
15 0 0 0 DL - 0xffffffff8261982c [soaiod4]
9 0 0 0 DL - 0xffffffff8261982c [soaiod3]
8 0 0 0 DL - 0xffffffff8261982c [soaiod2]
7 0 0 0 DL - 0xffffffff8261982c [soaiod1]
6 0 0 0 DL (threaded) [cam]
100033 D - 0xffffffff8223a9c0 [doneq0]
100066 D - 0xffffffff8223a890 [scanner]
5 0 0 0 DL crypto_ 0xfffff800033a7e90 [crypto returns 1]
4 0 0 0 DL crypto_ 0xfffff800033a7e30 [crypto returns 0]
3 0 0 0 DL crypto_ 0xffffffff82632ec0 [crypto]
14 0 0 0 DL seqstat 0xfffff800030e2488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100024 D - 0xffffffff8250df80 [g_event]
100025 D - 0xffffffff8250df88 [g_up]
100026 D - 0xffffffff8250df90 [g_down]
2 0 0 0 DL (threaded) [KTLS]
100017 D - 0xfffff8000330fa00 [thr_0]
100018 D - 0xfffff8000330fa40 [thr_1]
12 0 0 0 RL (threaded) [intr]
100012 I [swi6: task queue]
100013 I [swi6: Giant taskq]
100016 I [swi5: fast taskq]
100019 I [swi4: clock (0)]
100020 I [swi4: clock (1)]
100021 I [swi1: netisr 0]
100022 I [swi3: vm]
100034 I [irq24: virtio_pci0]
100035 I [irq25: virtio_pci0]
100036 I [irq26: virtio_pci0]
100037 I [irq27: virtio_pci0]
100038 I [irq28: virtio_pci1]
100039 I [irq29: virtio_pci1]
100040 I [irq30: