panic: proc_dtor: non-empty p_ktr cpuid = 0 time = 1750973743 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056cbb350 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056cbb4b0 vpanic() at vpanic+0x257/frame 0xfffffe0056cbb670 panic() at panic+0xb5/frame 0xfffffe0056cbb730 proc_dtor() at proc_dtor+0x532/frame 0xfffffe0056cbb780 item_dtor() at item_dtor+0xc3/frame 0xfffffe0056cbb7d0 uma_zfree_arg() at uma_zfree_arg+0x10a/frame 0xfffffe0056cbb870 proc_reap() at proc_reap+0xab4/frame 0xfffffe0056cbb8d0 proc_to_reap() at proc_to_reap+0x6e9/frame 0xfffffe0056cbb930 kern_wait6() at kern_wait6+0x34b/frame 0xfffffe0056cbba10 sys_wait4() at sys_wait4+0x1c4/frame 0xfffffe0056cbbd10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056cbbf30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056cbbf30 --- syscall (7, FreeBSD ELF64, wait4), rip = 0x3a223a, rsp = 0x820c78498, rbp = 0x820c784d0 --- KDB: enter: panic [ thread pid 764 tid 100098 ] Stopped at kdb_enter+0x6e: movq $0,0x25b9d27(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0072600000 rdx 0x7ffff rbx 0xffffffff827baf60 .str.27 rsp 0xfffffe0056cbb490 rbp 0xfffffe0056cbb4b0 rsi 0x80001 rdi 0xffffffff81618ad9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0xfffffe00540c1550 r12 0xfffffe00540c1000 r13 0xfffffffffffffffe r14 0xffffffff827baf60 .str.27 r15 0 rip 0xffffffff8160266e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25b9d27(%rip) db> show proc Process 764 (syz-executor) at 0xfffffe0054007ae0: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 763 at 0xfffffe00540095c0 ABI: FreeBSD ELF64 flag: 0x10004000 flag2: 0 arguments: ./syz-executor exec reaper: 0xfffffe0007809040 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe0007810b68 (map 0xfffffe0007810b68) (map.pmap 0xfffffe0007810c08) (pmap 0xfffffe0007810c78) threads: 1 100098 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 890 765 765 0 R (threaded) syz-executor 100188 RunQ syz-executor 100219 S uwait 0xfffffe006e51e500 syz-executor 889 767 767 0 R (threaded) syz-executor 100208 RunQ syz-executor 100214 S pipdwt 0xfffffe006e4d6000 syz-executor 100215 S uwait 0xfffffe006e51e400 syz-executor 100216 S uwait 0xfffffe006e51e200 syz-executor 888 766 766 0 R (threaded) syz-executor 100144 RunQ syz-executor 100217 S uwait 0xfffffe006e51e800 syz-executor 886 1 764 0 S uwait 0xfffffe0059648e00 syz-executor 882 1 767 0 S uwait 0xfffffe0059644480 syz-executor 873 1 766 0 S uwait 0xfffffe006e51ee80 syz-executor 869 1 765 0 S uwait 0xfffffe00584e9000 syz-executor 863 1 765 0 S uwait 0xfffffe0059648b00 syz-executor 862 1 764 0 SV uwait 0xfffffe0059646200 syz-executor 856 1 856 0 Ss+ ttyin 0xfffffe0057dfa8b0 getty 855 1 855 0 Ss+ ttyin 0xfffffe0053f6d0b0 getty 854 1 854 0 Ss+ ttyin 0xfffffe00582914b0 getty 853 1 853 0 Ss+ ttyin 0xfffffe0053f6d8b0 getty 852 1 852 0 Ss+ ttyin 0xfffffe0058291cb0 getty 851 1 851 0 Ss+ ttyin 0xfffffe00582924b0 getty 850 1 850 0 Ss+ ttyin 0xfffffe0053f6e0b0 getty 849 1 849 0 Ss+ ttyin 0xfffffe0053f6e8b0 getty 848 1 848 0 Ss+ ttyin 0xfffffe0053f6f0b0 getty 839 0 0 0 DL (threaded) [so_splice] 100097 D - 0xfffffe000776e380 [thr_0] 100148 D - 0xfffffe000776e3c0 [thr_1] 837 1 767 0 SV uwait 0xfffffe0059648480 syz-executor 822 813 822 0 Ss select 0xfffffe00596e7740 dhclient 813 1 424 65 S select 0xfffffe00596e79c0 dhclient 808 0 0 0 DL aiordy 0xfffffe0054009060 [aiod4] 807 0 0 0 DL aiordy 0xfffffe000780a060 [aiod3] 806 0 0 0 DL aiordy 0xfffffe0007809b00 [aiod2] 805 0 0 0 DL aiordy 0xfffffe0054006ac0 [aiod1] 767 763 767 0 R syz-executor 766 763 766 0 R syz-executor 765 763 765 0 R syz-executor 764 763 764 0 R CPU 0 syz-executor 763 761 761 0 R syz-executor 761 1 761 0 Ss sigsusp 0xfffffe00540d8670 csh 17 0 0 0 DL syncer 0xffffffff83cbafa0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb9560 [bufdaemon] 100081 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100095 D sdflush 0xfffffe00595948e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d04400 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83cea4c8 [dom0] 100084 D launds 0xffffffff83cea4d4 [laundry: dom0] 100085 D umarcl 0xffffffff81dd8620 [uma] 7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff843b1980 [pf purge] 5 0 0 0 DL waiting 0xffffffff84743700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e5340 [doneq0] 100047 D - 0xffffffff838e52c0 [async] 100076 D - 0xffffffff838e5140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce5d80 [crypto] 100044 D crypto_ 0xfffffe0007a6fc30 [crypto returns 0] 100045 D crypto_ 0xfffffe0007a6fc80 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe0053ff0088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b45f20 [g_event] 100038 D - 0xffffffff83b45f40 [g_up] 100039 D - 0xffffffff83b45f60 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 I [clock (0)] 100032 Run CPU 1 [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce6820 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c36ff0 [swapper] 100005 D - 0xfffffe0053e9c800 [softirq_0] 100006 D - 0xfffffe0053e9c700 [softirq_1] 100007 D - 0xfffffe0053e9c600 [if_io_tqg_0] 100008 D - 0xfffffe0053e9c500 [if_io_tqg_1] 100009 D - 0xfffffe0053e9c400 [if_config_tqg_0] 100010 D - 0xfffffe0007769b00 [kqueue_ctx taskq] 100011 D - 0xfffffe0007769a00 [jail_remove taskq] 100012 D - 0xfffffe0007769900 [bus taskq] 100015 D - 0xfffffe0007769600 [thread taskq] 100017 D - 0xfffffe0007769400 [aiod_kick taskq] 100018 D - 0xfffffe0007769300 [deferred_unmount ta] 100019 D - 0xfffffe0007769200 [inm_free taskq] 100020 D - 0xfffffe0007769100 [in6m_free taskq] 100021 D - 0xfffffe0007769000 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007768e00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007768e00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007768e00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007768e00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007768d00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007768d00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007768d00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007768d00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007768a00 [firmware taskq] 100041 D - 0xfffffe0007768700 [crypto_0] 100042 D - 0xfffffe0007768700 [crypto_1] 100057 D - 0xfffffe0007768300 [vtnet0 rxq 0] 100058 D - 0xfffffe0007768200 [vtnet0 txq 0] 100059 D - 0xfffffe0007768100 [vtnet0 rxq 1] 100060 D - 0xfffffe0007768000 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0057d7eb80 [virtio_balloon] 100066 D - 0xffffffff827c0300 [deadlkres] 100070 D - 0xfffffe00593dc300 [acpi_task_0] 100071 D - 0xfffffe00593dc300 [acpi_task_1] 100072 D - 0xfffffe00593dc300 [acpi_task_2] 100074 D - 0xfffffe0007769c00 [mca taskq] 100075 D - 0xfffffe0007768600 [CAM taskq] 100077 D - 0xfffffe0007767b00 [ipsec_offload] db> show all locks Process 763 (syz-executor) thread 0xfffffe00540e8780 (100109) exclusive sleep mutex pipe mutex (pipe mutex) r = 0 (0xfffffe0059824f70) locked @ /syzkaller/managers/main/kernel/sys/kern/sys_pipe.c:1506 db>