panic: mq notifiers left cpuid = 0 time = 4097 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056f5b810 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056f5b970 vpanic() at vpanic+0x257/frame 0xfffffe0056f5bb30 panic() at panic+0xb5/frame 0xfffffe0056f5bc00 mq_proc_exit() at mq_proc_exit+0x1cc/frame 0xfffffe0056f5bc50 exit1() at exit1+0x62b/frame 0xfffffe0056f5bcf0 sys__exit() at sys__exit+0x28/frame 0xfffffe0056f5bd10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056f5bf30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056f5bf30 --- syscall (1, FreeBSD ELF64, _exit), rip = 0x3a723a, rsp = 0x8213ba698, rbp = 0x8213ba6a0 --- KDB: enter: panic [ thread pid 958 tid 100117 ] Stopped at kdb_enter+0x6e: movq $0,0x25887a7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff82832120 .str.27 rsp 0xfffffe0056f5b950 rbp 0xfffffe0056f5b970 rsi 0 rdi 0xffffffff8165f409 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x43 r12 0xfffffe0058701780 r13 0xfffffffffffffffe r14 0xffffffff82832120 .str.27 r15 0 rip 0xffffffff816487ee kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25887a7(%rip) db> show proc Process 958 (syz-executor) at 0xfffffe00586ecac0: state: NORMAL uid: 0 gid: 0 supp gids: 0, 5 parent: pid 763 at 0xfffffe000780a570 ABI: FreeBSD ELF64 flag: 0x10002000 flag2: 0x40000 arguments: ./syz-executor exec reaper: 0xfffffe0007809010 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00078116d8 (map 0xfffffe00078116d8) (map.pmap 0xfffffe0007811778) (pmap 0xfffffe00078117e8) threads: 1 100117 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 967 765 765 0 R (threaded) syz-executor 100100 D mbusy 0xfffffe00586c5788 syz-executor 100305 Run CPU 1 syz-executor 966 764 764 -1 R (threaded) syz-executor 100213 RunQ syz-executor 100304 D biowr 0xfffffe0007e1ea80 syz-executor 100306 D ranged1 0xfffffe006dea26b8 syz-executor 100307 S uwait 0xfffffe0058309100 syz-executor 962 961 766 0 SV uwait 0xfffffe005858f600 syz-executor 961 766 766 0 D (threaded) syz-executor 100131 S nanslp 0xffffffff83bb2000 syz-executor 100294 D ppwait 0xfffffe000780a518 syz-executor 100296 S uwait 0xfffffe005830cb80 syz-executor 100300 S uwait 0xfffffe0058309000 syz-executor 959 958 763 0 S uwait 0xfffffe0058309780 syz-executor 958 763 763 0 RE CPU 0 syz-executor 949 1 763 0 S uwait 0xfffffe005830b700 syz-executor 946 1 765 0 S uwait 0xfffffe005830a280 syz-executor 937 1 766 0 S uwait 0xfffffe0058590880 syz-executor 935 1 765 0 S uwait 0xfffffe0058309680 syz-executor 913 1 765 0 S uwait 0xfffffe005858ee80 syz-executor 905 1 765 0 S uwait 0xfffffe005858ed80 syz-executor 903 0 0 0 DL - 0xffffffff83cd2200 [soaiod4] 902 0 0 0 DL - 0xffffffff83cd2200 [soaiod3] 901 0 0 0 DL - 0xffffffff83cd2200 [soaiod2] 900 0 0 0 DL - 0xffffffff83cd2200 [soaiod1] 892 1 765 0 S uwait 0xfffffe005858e580 syz-executor 891 1 765 0 S uwait 0xfffffe005830cf00 syz-executor 890 1 765 0 S uwait 0xfffffe005858f280 syz-executor 880 0 0 0 DL (threaded) [KTLS] 100113 D - 0xfffffe006e01e700 [thr_0] 100176 D - 0xfffffe006e01e780 [thr_1] 100177 D - 0xffffffff83cd3a28 [reclaim_0] 848 1 765 0 S uwait 0xfffffe005858e080 syz-executor 843 1 766 0 S uwait 0xfffffe005858ec80 syz-executor 834 1 765 0 S uwait 0xfffffe005858fa00 syz-executor 812 1 764 0 S uwait 0xfffffe0058309380 syz-executor 811 0 0 0 DL aiordy 0xfffffe0058707ac0 [aiod4] 810 0 0 0 DL aiordy 0xfffffe00586eb560 [aiod3] 809 0 0 0 DL aiordy 0xfffffe00586ebab8 [aiod2] 807 0 0 0 DL aiordy 0xfffffe00586ec568 [aiod1] 766 762 766 0 S nanslp 0xffffffff83bb2000 syz-executor 765 762 765 0 S nanslp 0xffffffff83bb2000 syz-executor 764 762 764 0 S nanslp 0xffffffff83bb2000 syz-executor 763 762 763 0 S nanslp 0xffffffff83bb2000 syz-executor 762 1 760 0 S select 0xfffffe0007787c40 syz-executor 747 1 747 0 Ts+ getty 746 1 746 0 Ts+ getty 745 1 745 0 Ts+ getty 744 1 744 0 Ts+ getty 743 1 743 0 Ts+ getty 742 1 742 0 Ts+ getty 741 1 741 0 Ts+ getty 740 1 740 0 Ts+ getty 739 1 739 0 Ts+ getty 737 1 17 0 S+ piperd 0xfffffe00598f8b80 logger 736 735 17 0 S+ nanslp 0xffffffff83bb2001 sleep 735 1 17 0 S+ wait 0xfffffe005860c010 sh 685 1 685 0 Ss nanslp 0xffffffff83bb2001 cron 681 1 681 0 Ss select 0xfffffe0007788140 sshd 494 1 494 0 Ss select 0xfffffe0054236dc0 syslogd 16 0 0 0 DL syncer 0xffffffff83cdfc20 [syncer] 15 0 0 0 DL vlruwt 0xfffffe0058602558 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cde160 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe005808e0e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d1f040 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83d05108 [dom0] 100080 D launds 0xffffffff83d05114 [laundry: dom0] 100081 D umarcl 0xffffffff81e2f970 [uma] 7 0 0 0 DL - 0xffffffff8392a5b0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff843bdf60 [pf purge] 5 0 0 0 DL waiting 0xffffffff84823700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838f4340 [doneq0] 100046 D - 0xffffffff838f42c0 [async] 100075 D - 0xffffffff838f4140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83d009e0 [crypto] 100043 D crypto_ 0xfffffe0007b17030 [crypto returns 0] 100044 D crypto_ 0xfffffe0007b17080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b5a5e0 [g_event] 100038 D - 0xffffffff83b5a600 [g_up] 100039 D - 0xffffffff83b5a620 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83d01480 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c55ff0 [swapper] 100005 D - 0xfffffe00077f7a00 [softirq_0] 100006 D - 0xfffffe00077f7800 [softirq_1] 100007 D - 0xfffffe00077f7600 [if_io_tqg_0] 100008 D - 0xfffffe00077f7400 [if_io_tqg_1] 100009 D - 0xfffffe00077f7200 [if_config_tqg_0] 100010 D - 0xfffffe00077f7000 [kqueue_ctx taskq] 100011 D - 0xfffffe00077f6d00 [jail_remove taskq] 100012 D - 0xfffffe00077f6b00 [bus taskq] 100015 D - 0xfffffe00077f6500 [thread taskq] 100017 D - 0xfffffe00077f6100 [aiod_kick taskq] 100018 D - 0xfffffe00077f5e00 [deferred_unmount ta] 100019 D - 0xfffffe00077f5c00 [inm_free taskq] 100020 D - 0xfffffe00077f5a00 [in6m_free taskq] 100021 D - 0xfffffe00077f5800 [linuxkpi_irq_wq] 100022 D - 0xfffffe00077f5600 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00077f5600 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00077f5600 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00077f5600 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00077f5100 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00077f5100 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00077f5100 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00077f5100 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00077f4400 [firmware taskq] 100040 D - 0xfffffe0007bcc100 [crypto_0] 100041 D - 0xfffffe0007bcc100 [crypto_1] 100056 D - 0xfffffe00077f8200 [vtnet0 rxq 0] 100057 D - 0xfffffe00541f6500 [vtnet0 txq 0] 100058 D - 0xfffffe00541f6400 [vtnet0 rxq 1] 100059 D - 0xfffffe00541f6300 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe00580bf000 [virtio_balloon] 100065 D - 0xffffffff82836800 [deadlkres] 100069 D - 0xfffffe0058595000 [acpi_task_0] 100070 D - 0xfffffe0058595000 [acpi_task_1] 100071 D - 0xfffffe0058595000 [acpi_task_2] 100073 D - 0xfffffe00077f8100 [mca taskq] 100074 D - 0xfffffe0007bcba00 [CAM taskq] 100076 D - 0xfffffe0007bcc500 [ipsec_offload] db> show all locks Process 967 (syz-executor) thread 0xfffffe005871a780 (100305) shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe00586c5738) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 966 (syz-executor) thread 0xfffffe0058720780 (100304) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007e1eb00) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:1754 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006dea2598) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1315 db>