panic: mq notifiers left cpuid = 1 time = 1756139296 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056ec8810 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056ec8970 vpanic() at vpanic+0x257/frame 0xfffffe0056ec8b30 panic() at panic+0xb5/frame 0xfffffe0056ec8c00 mq_proc_exit() at mq_proc_exit+0x1cc/frame 0xfffffe0056ec8c50 exit1() at exit1+0x62b/frame 0xfffffe0056ec8cf0 sys__exit() at sys__exit+0x28/frame 0xfffffe0056ec8d10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056ec8f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056ec8f30 --- syscall (1, FreeBSD ELF64, _exit), rip = 0x3a1f2a, rsp = 0x82131d3f8, rbp = 0x82131d400 --- KDB: enter: panic [ thread pid 1007 tid 100213 ] Stopped at kdb_enter+0x6e: movq $0,0x25b6f77(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff827e1820 .str.27 rsp 0xfffffe0056ec8950 rbp 0xfffffe0056ec8970 rsi 0 rdi 0xffffffff816260e9 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0xfffffe00540cccd0 r12 0xfffffe0054138000 r13 0xfffffffffffffffd r14 0xffffffff827e1820 .str.27 r15 0 rip 0xffffffff8160fc1e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25b6f77(%rip) db> show proc Process 1007 (syz-executor) at 0xfffffe005412d558: state: NORMAL uid: 0 gids: 0, 5 parent: pid 763 at 0xfffffe00540ed000 ABI: FreeBSD ELF64 flag: 0x10002000 flag2: 0x40000 arguments: ./syz-executor exec reaper: 0xfffffe0007809010 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00541146d8 (map 0xfffffe00541146d8) (map.pmap 0xfffffe0054114778) (pmap 0xfffffe00541147e8) threads: 1 100213 Run CPU 1 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 1019 915 915 0 R (threaded) syz-executor 100090 RunQ syz-executor 100394 RunQ syz-executor 1017 1 915 0 S uwait 0xfffffe00596e2900 syz-executor 1016 764 764 0 R (threaded) syz-executor 100112 RunQ syz-executor 100393 D biord 0xfffffe0007dc8120 syz-executor 1010 766 766 0 R (threaded) syz-executor 100107 S nanslp 0xffffffff83ba7c41 syz-executor 100378 S uwait 0xfffffe00596ab680 syz-executor 100380 RunQ syz-executor 100381 S uwait 0xfffffe00596e2d00 syz-executor 1007 763 763 0 RE CPU 1 syz-executor 1003 1 764 0 S uwait 0xfffffe00593e8580 syz-executor 1001 1 763 0 S uwait 0xfffffe006de0e680 syz-executor 994 1 766 0 S uwait 0xfffffe006de0f280 syz-executor 993 1 766 0 S uwait 0xfffffe00596ab480 syz-executor 986 1 915 0 S uwait 0xfffffe006de0f180 syz-executor 983 1 763 0 S uwait 0xfffffe00596e2400 syz-executor 982 1 915 0 S uwait 0xfffffe006de0de80 syz-executor 981 1 766 0 S uwait 0xfffffe00596e4580 syz-executor 976 1 764 0 SV uwait 0xfffffe00596e1a80 syz-executor 975 1 764 0 S uwait 0xfffffe00596aa580 syz-executor 970 0 0 0 DL mdwait 0xfffffe0058632000 [md0] 967 1 915 0 S uwait 0xfffffe00596e2e80 syz-executor 964 1 915 0 S uwait 0xfffffe00596e2b00 syz-executor 958 1 915 0 S uwait 0xfffffe00593e6280 syz-executor 945 1 763 0 S uwait 0xfffffe0077b9d580 syz-executor 931 1 931 0 Ss+ ttyin 0xfffffe00077fd8b0 getty 930 1 930 0 Ss+ ttyin 0xfffffe00585bccb0 getty 929 1 929 0 Ss+ ttyin 0xfffffe00585bd0b0 getty 928 1 928 0 Ss+ ttyin 0xfffffe00585bd4b0 getty 927 1 927 0 Ss+ ttyin 0xfffffe00585bd8b0 getty 926 1 926 0 Ss+ ttyin 0xfffffe00585bdcb0 getty 925 1 925 0 Ss+ ttyin 0xfffffe00585be0b0 getty 924 1 924 0 Ss+ ttyin 0xfffffe00585be4b0 getty 923 1 923 0 Ss+ ttyin 0xfffffe00585be8b0 getty 915 762 915 0 R syz-executor 909 1 764 0 SV lockf 0xfffffe0057d76780 syz-executor 906 1 765 0 S uwait 0xfffffe00596ab180 syz-executor 904 1 763 0 S uwait 0xfffffe00596aad00 syz-executor 902 1 763 0 S uwait 0xfffffe006de0ed00 syz-executor 897 1 766 0 S uwait 0xfffffe00596aab00 syz-executor 896 1 764 0 S uwait 0xfffffe00596aac00 syz-executor 895 1 766 0 S uwait 0xfffffe00596e2800 syz-executor 879 1 765 0 S uwait 0xfffffe00596e2700 syz-executor 877 1 765 0 S uwait 0xfffffe006de0e000 syz-executor 876 0 0 0 DL (threaded) [KTLS] 100119 D - 0xfffffe0053ef6200 [thr_0] 100165 D - 0xfffffe0053ef6280 [thr_1] 100166 D - 0xffffffff83cb9628 [reclaim_0] 874 1 765 0 S uwait 0xfffffe00593e6880 syz-executor 871 0 0 0 DL aiordy 0xfffffe0054111ab8 [aiod4] 870 0 0 0 DL aiordy 0xfffffe0054110558 [aiod3] 869 0 0 0 DL aiordy 0xfffffe00540db000 [aiod2] 868 0 0 0 DL aiordy 0xfffffe0054110ab0 [aiod1] 864 1 765 0 S uwait 0xfffffe00596e1780 syz-executor 856 781 423 0 S kqread 0xfffffe005825f400 rtsol 816 1 764 0 SV uwait 0xfffffe006de0f080 syz-executor 781 1 423 0 S wait 0xfffffe00540db558 sh 766 762 766 0 S nanslp 0xffffffff83ba7c41 syz-executor 764 762 764 0 R syz-executor 763 762 763 0 S nanslp 0xffffffff83ba7c41 syz-executor 762 760 760 0 R CPU 0 syz-executor 760 1 760 0 Ss sigsusp 0xfffffe00540ed608 csh 16 0 0 0 DL syncer 0xffffffff83cc5820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a018 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cc3d60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe0053fe08e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d0ec80 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf4d48 [dom0] 100080 D launds 0xffffffff83cf4d54 [laundry: dom0] 100081 D umarcl 0xffffffff81df2890 [uma] 7 0 0 0 DL - 0xffffffff839205d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff8476ac30 [pf purge] 5 0 0 0 DL waiting 0xffffffff84568700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100045 RunQ [doneq0] 100046 D - 0xffffffff838ea2c0 [async] 100075 D - 0xffffffff838ea140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cf0640 [crypto] 100043 D crypto_ 0xfffffe0007a95c30 [crypto returns 0] 100044 D crypto_ 0xfffffe0007a95c80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b50640 [g_event] 100038 D - 0xffffffff83b50660 [g_up] 100039 D - 0xffffffff83b50680 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83cf10e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c43ff0 [swapper] 100005 D - 0xfffffe0007a98b00 [softirq_0] 100006 D - 0xfffffe0007a98900 [softirq_1] 100007 D - 0xfffffe0007a98700 [if_io_tqg_0] 100008 D - 0xfffffe0007a98500 [if_io_tqg_1] 100009 D - 0xfffffe0007a98300 [if_config_tqg_0] 100010 D - 0xfffffe00083f9700 [kqueue_ctx taskq] 100011 D - 0xfffffe00083f9600 [jail_remove taskq] 100012 D - 0xfffffe00083f9500 [bus taskq] 100015 D - 0xfffffe00083f9000 [thread taskq] 100017 D - 0xfffffe00083f8c00 [aiod_kick taskq] 100018 D - 0xfffffe00083f8b00 [deferred_unmount ta] 100019 D - 0xfffffe00083f8a00 [inm_free taskq] 100020 D - 0xfffffe00083f8900 [in6m_free taskq] 100021 D - 0xfffffe00083f8800 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083f8700 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083f8700 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083f8700 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00083f8700 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083f8600 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083f8600 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083f8600 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00083f8600 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083f8100 [firmware taskq] 100040 D - 0xfffffe00083f7e00 [crypto_0] 100041 D - 0xfffffe00083f7e00 [crypto_1] 100056 D - 0xfffffe00083f7700 [vtnet0 rxq 0] 100057 D - 0xfffffe00083f7600 [vtnet0 txq 0] 100058 D - 0xfffffe00083f7500 [vtnet0 rxq 1] 100059 D - 0xfffffe00083f7400 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057d76f00 [virtio_balloon] 100065 D - 0xffffffff827e5f00 [deadlkres] 100069 D - 0xfffffe00593db000 [acpi_task_0] 100070 D - 0xfffffe00593db000 [acpi_task_1] 100071 D - 0xfffffe00593db000 [acpi_task_2] 100073 D - 0xfffffe00083fb100 [mca taskq] 100074 D - 0xfffffe00083f7d00 [CAM taskq] 100076 D - 0xfffffe00593dae00 [ipsec_offload] 1018 1016 764 0 Z syz-executor db> show all locks Process 1019 (syz-executor) thread 0xfffffe0054137000 (100394) shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe00540b7738) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 1016 (syz-executor) thread 0xfffffe005413b000 (100393) shared lockmgr ufs (ufs) r = 0 (0xfffffe006ddf5228) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1172 Process 762 (syz-executor) thread 0xfffffe00540a2000 (100110) exclusive sleep mutex so_snd (so_snd) r = 0 (0xfffffe006b4c41a0) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4442 exclusive sleep mutex socket (socket) r = 0 (0xfffffe006b4c4000) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4428 db>