Fatal trap 9: general protection fault while in kernel mode cpuid = 1; apic id = 01 instruction pointer = 0x20:0xffffffff82cb5ce2 stack pointer = 0x28:0xfffffe00036381d0 frame pointer = 0x28:0xfffffe0003638210 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (swi1: netisr 0) trap number = 9 panic: general protection fault cpuid = 1 time = 1606570994 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0003637ea0 vpanic() at vpanic+0x1c7/frame 0xfffffe0003637f00 panic() at panic+0x43/frame 0xfffffe0003637f60 trap_fatal() at trap_fatal+0x4cd/frame 0xfffffe0003637fe0 trap() at trap+0xf7/frame 0xfffffe0003638100 calltrap() at calltrap+0x8/frame 0xfffffe0003638100 --- trap 0x9, rip = 0xffffffff82cb5ce2, rsp = 0xfffffe00036381d0, rbp = 0xfffffe0003638210 --- sctp_timer_stop() at sctp_timer_stop+0x3a2/frame 0xfffffe0003638210 sctp_stop_association_timers() at sctp_stop_association_timers+0xf9/frame 0xfffffe0003638240 sctp_free_assoc() at sctp_free_assoc+0x2b6/frame 0xfffffe00036382d0 sctp_process_control() at sctp_process_control+0x8a98/frame 0xfffffe0003638750 sctp_common_input_processing() at sctp_common_input_processing+0x7db/frame 0xfffffe00036388e0 sctp_input_with_port() at sctp_input_with_port+0x308/frame 0xfffffe00036389d0 sctp_input() at sctp_input+0x1f/frame 0xfffffe00036389f0 ip_input() at ip_input+0x388/frame 0xfffffe0003638a90 swi_net() at swi_net+0x20d/frame 0xfffffe0003638b10 ithread_loop() at ithread_loop+0x33f/frame 0xfffffe0003638bb0 fork_exit() at fork_exit+0xb3/frame 0xfffffe0003638bf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0003638bf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 12 tid 100020 ] Stopped at kdb_enter+0x67: movq $0,0x1472836(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xffffffff810f5900 vprintf+0x140 rdx 0x1 rbx 0 rsp 0xfffffe0003637e80 rbp 0xfffffe0003637ea0 rsi 0 rdi 0xffffffff810f5936 vprintf+0x176 r8 0 r9 0xffffffff r10 0xfffffe00036387dc r11 0xbf r12 0xffffffff820671c0 ddb_dbbe r13 0 r14 0xffffffff8197acd3 r15 0xffffffff8197acd3 rip 0xffffffff810e9dc7 kdb_enter+0x67 rflags 0x82 kdb_enter+0x67: movq $0,0x1472836(%rip) db> show proc Process 12 (intr) at 0xfffff800042bba50: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff8250fbb0 ABI: null reaper: 0xffffffff8250fbb0 reapsubtree: 12 sigparent: 20 vmspace: 0xffffffff82510800 (map 0xffffffff82510800) (map.pmap 0xffffffff825108c0) (pmap 0xffffffff82510920) threads: 23 100012 I [swi5: fast taskq] 100015 I [swi6: task queue] 100016 I [swi6: Giant taskq] 100020 Run CPU 1 [swi1: netisr 0] 100021 I [swi3: vm] 100022 I [swi4: clock (0)] 100023 I [swi4: clock (1)] 100035 I [irq24: virtio_pci0] 100036 I [irq25: virtio_pci0] 100037 I [irq26: virtio_pci0] 100038 I [irq27: virtio_pci0] 100039 I [irq28: virtio_pci1] 100040 I [irq29: virtio_pci1] 100041 I [irq30: virtio_pci1] 100042 I [irq31: virtio_pci1] 100043 I [irq32: virtio_pci1] 100048 I [irq10: virtio_pci2] 100050 I [irq1: atkbd0] 100051 I [irq12: psm0] 100052 I [swi0: uart uart++] 100060 I [swi1: pf send] 100073 I [swi1: hpts] 100074 I [swi1: hpts] db> ps pid ppid pgrp uid state wmesg wchan cmd 32250 32108 32108 0 R (threaded) syz-executor.1 182705 Run CPU 0 syz-executor.1 190466 S sbwait 0xfffff8006e18e1c4 syz-executor.1 190467 S sbwait 0xfffff80053083574 syz-executor.1 190468 S uwait 0xfffff80025f0f580 syz-executor.1 190469 S sbwait 0xfffff800399f6574 syz-executor.1 190470 RunQ syz-executor.1 32249 32176 32176 0 R (threaded) syz-executor.3 180149 RunQ syz-executor.3 190452 S sbwait 0xfffff800530c6574 syz-executor.3 190455 S sbwait 0xfffff800530c6574 syz-executor.3 190457 S uwait 0xfffff800397c1c00 syz-executor.3 190463 S connec 0xfffff800538dd840 syz-executor.3 190465 S uwait 0xfffff80004a1d780 syz-executor.3 32248 32125 32125 0 R (threaded) syz-executor.0 188317 RunQ syz-executor.0 190451 S sbwait 0xfffff80063c54cd4 syz-executor.0 190454 S sbwait 0xfffff80053918924 syz-executor.0 190456 S accept 0xfffff80053035508 syz-executor.0 190459 S uwait 0xfffff80004a1d980 syz-executor.0 190461 S uwait 0xfffff80039743400 syz-executor.0 32246 32116 32116 0 R (threaded) syz-executor.2 187643 RunQ syz-executor.2 190449 S uwait 0xfffff80039743100 syz-executor.2 190453 S sbwait 0xfffff8005345e1c4 syz-executor.2 190458 S uwait 0xfffff8003966fa00 syz-executor.2 190460 S uwait 0xfffff800397c1e00 syz-executor.2 190462 S uwait 0xfffff80025f0fa80 syz-executor.2 190464 S uwait 0xfffff8003970ec00 syz-executor.2 32176 774 32176 0 Rs syz-executor.3 32131 32100 32131 0 Ss select 0xfffff80063a881c0 dhclient 32125 774 32125 0 Rs syz-executor.0 32116 774 32116 0 Rs syz-executor.2 32108 774 32108 0 Rs syz-executor.1 32103 1 32103 0 Ss select 0xfffff80063a884c0 dhclient 32100 32090 436 65 S select 0xfffff8006e9ed240 dhclient 32090 436 436 0 S wait 0xfffff80039702a50 sh 774 772 772 0 S (threaded) syz-fuzzer 100095 S uwait 0xfffff80025e96b80 syz-fuzzer 100109 S uwait 0xfffff80025f0fb80 syz-fuzzer 100110 S kqread 0xfffff80025f5f900 syz-fuzzer 100111 S uwait 0xfffff80025f0f480 syz-fuzzer 100112 S uwait 0xfffff80004a1d480 syz-fuzzer 100113 S uwait 0xfffff800394c2880 syz-fuzzer 100114 S uwait 0xfffff80004a1d580 syz-fuzzer 100115 S uwait 0xfffff80004a1d680 syz-fuzzer 100116 S uwait 0xfffff800394c2980 syz-fuzzer 100117 S uwait 0xfffff800394c2a80 syz-fuzzer 772 770 772 0 Ss pause 0xfffff80025f3fb00 csh 770 694 770 0 Ss select 0xfffff80025f0f0c0 sshd 754 1 754 0 Ss+ ttyin 0xfffff800046a2cb0 getty 753 1 753 0 Ss+ ttyin 0xfffff800049a28b0 getty 752 1 752 0 Ss+ ttyin 0xfffff800049a2cb0 getty 751 1 751 0 Ss+ ttyin 0xfffff8000499a0b0 getty 750 1 750 0 Ss+ ttyin 0xfffff8000499a4b0 getty 749 1 749 0 Ss+ ttyin 0xfffff8000499a8b0 getty 748 1 748 0 Ss+ ttyin 0xfffff8000499acb0 getty 747 1 747 0 Ss+ ttyin 0xfffff8000493c0b0 getty 746 1 746 0 Ss+ ttyin 0xfffff8000493c4b0 getty 698 1 698 0 Ss nanslp 0xffffffff8252fda0 cron 694 1 694 0 Ss select 0xfffff80025f0f2c0 sshd 507 1 507 0 Ss select 0xfffff80025f0fd40 syslogd 436 1 436 0 Ss wait 0xfffff80004ac8000 devd 435 1 435 65 Ss select 0xfffff80004a6b740 dhclient 350 1 350 0 Ss select 0xfffff80025f0fec0 dhclient 347 1 347 0 Ss select 0xfffff80025e968c0 dhclient 23 0 0 0 DL syncer 0xffffffff8261d138 [syncer] 22 0 0 0 DL vlruwt 0xfffff800049f2a50 [vnlru] 21 0 0 0 DL (threaded) [bufdaemon] 100070 D qsleep 0xffffffff8261c200 [bufdaemon] 100077 D - 0xffffffff8200ac80 [bufspacedaemon-0] 100087 D sdflush 0xfffff800041818e8 [/ worker] 20 0 0 0 DL psleep 0xffffffff82643688 [vmdaemon] 19 0 0 0 DL (threaded) [pagedaemon] 100068 D psleep 0xffffffff82637af8 [dom0] 100075 D launds 0xffffffff82637b04 [laundry: dom0] 100076 D umarcl 0xffffffff814f54f0 [uma] 18 0 0 0 DL - 0xffffffff82364278 [rand_harvestq] 17 0 0 0 DL waiting 0xffffffff82cda818 [sctp_iterator] 16 0 0 0 RL [pf purge] 15 0 0 0 DL - 0xffffffff8261b7dc [soaiod4] 9 0 0 0 DL - 0xffffffff8261b7dc [soaiod3] 8 0 0 0 DL - 0xffffffff8261b7dc [soaiod2] 7 0 0 0 DL - 0xffffffff8261b7dc [soaiod1] 6 0 0 0 DL (threaded) [cam] 100034 D - 0xffffffff8223bfc0 [doneq0] 100067 D - 0xffffffff8223be90 [scanner] 5 0 0 0 DL crypto_ 0xfffff80004189c90 [crypto returns 1] 4 0 0 0 DL crypto_ 0xfffff80004189c30 [crypto returns 0] 3 0 0 0 DL crypto_ 0xffffffff82635010 [crypto] 14 0 0 0 DL seqstat 0xfffff80004300488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100025 D - 0xffffffff8250f620 [g_event] 100026 D - 0xffffffff8250f628 [g_up] 100027 D - 0xffffffff8250f630 [g_down] 2 0 0 0 DL (threaded) [KTLS] 100018 D - 0xfffff800042b3300 [thr_0] 100019 D - 0xfffff800042b3380 [thr_1] 12 0 0 0 RL (threaded) [intr] 100012 I [swi5: fast taskq] 100015 I [swi6: task queue] 100016 I [swi6: Giant taskq] 100020 Run CPU 1 [swi1: netisr 0] 100021 I [swi3: vm] 100022 I [swi4: clock (0)] 100023 I [swi4: clock (1)] 100035 I [irq24: virtio_pci0] 100036 I [irq25: virtio_pci0] 100037 I [irq26: virtio_pci0] 100038 I [irq27: virtio_pci0] 100039 I [irq28: virtio_pci1] 100040 I [irq29: virtio_pci1] 100041 I [irq30: virtio_pci1] 100042 I [irq31: virtio_pci1] 100043 I [irq32: virtio_pci1] 100048 I [irq10: virtio_pci2] 100050 I [irq1: atkbd0] 100051 I [irq12: psm0] 100052 I [swi0: uart uart++] 100060 I [swi1: pf send] 100073 I [swi1: hpts] 100074 I [swi1: hpts] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffff80004294528 [init] 10 0 0 0 DL audit_w 0xffffffff82635530 [audit] 0 0 0 0 RLs (threaded) [kernel] 100000 D swapin 0xffffffff8250fbb0 [swapper] 100005 D - 0xfffff800042b8e00 [if_io_tqg_0] 100006 D - 0xfffff800042b8d00 [if_io_tqg_1] 100007 D - 0xfffff800042b8c00 [if_config_tqg_0] 100008 D - 0xfffff800042b8b00 [softirq_0] 100009 D - 0xfffff800042b8a00 [softirq_1] 100010 D - 0xfffff80004183200 [in6m_free taskq] 100011 RunQ [thread taskq] 100013 D - 0xfffff800042b9b00 [inm_free taskq] 100014 D - 0xfffff800042b9900 [kqueue_ctx taskq] 100017 D - 0xfffff800042b9300 [aiod_kick taskq] 100024 D - 0xfffff800042cea00 [firmware taskq] 100029 D - 0xfffff800042ce300 [crypto_0] 100030 D - 0xfffff800042ce300 [crypto_1] 100044 D - 0xfffff8000433f300 [vtnet0 rxq 0] 100045 D - 0xfffff8000433f200 [vtnet0 txq 0] 100046 D - 0xfffff8000433f100 [vtnet0 rxq 1] 100047 D - 0xfffff8000433f000 [vtnet0 txq 1] 100049 D vtbslp 0xfffff80004486700 [virtio_balloon] 100053 D - 0xfffff800046b0e00 [mca taskq] 100055 D - 0xffffffff81d23430 [deadlkres] 100062 D - 0xfffff800048c5200 [acpi_task_0] 100063 D - 0xfffff800048c5200 [acpi_task_1] 100064 D - 0xfffff800048c5200 [acpi_task_2] 100066 D - 0xfffff8000433fb00 [CAM taskq] db> show all locks Process 12 (intr) thread 0xfffffe00048b2a00 (100020) exclusive sleep mutex sctp-send-tcb (tcbs) r = 0 (0xfffffe0025a42ab0) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:4694 exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0025a42a90) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2143 Process 0 (kernel) thread 0xfffffe00049e7a00 (100011) exclusive sleep mutex kernel arena (kernel arena) r = 0 (0xffffffff825798c0) locked @ /syzkaller/managers/main/kernel/sys/kern/subr_vmem.c:793 exclusive sleep mutex vmem list lock (vmem list lock) r = 0 (0xffffffff82002900) locked @ /syzkaller/managers/main/kernel/sys/kern/subr_vmem.c:788 db> show malloc Type InUse MemUse Requests pf_hash 5 11524K 5 devbuf 4216 4339K 4244 tcp_hpts 5 3201K 5 vtbuf 24 1968K 46 sysctloid 29250 1706K 29315 kobj 337 1348K 498 newblk 5 1025K 76348 vfscache 3 1025K 3 pcb 427 986K 58078 inodedep 6 514K 50694 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 subproc 137 251K 32333 sctp_stro 202 202K 13232 acpica 1674 184K 54316 vnet_data 1 168K 1 sctp_atcl 412 155K 41966 tidhash 3 141K 3 filedesc 18 137K 59873 pagedep 9 130K 66949 tfo_ccache 1 128K 1 sem 4 106K 4 DEVFS1 105 105K 122 linker 254 97K 558 bus 994 81K 3317 mtx_pool 2 72K 2 syncache 1 68K 1 acpitask 1 64K 1 ddb_capture 1 64K 1 module 509 64K 509 ifaddr 178 61K 394 umtx 378 48K 378 kdtrace 222 46K 122722 temp 38 39K 14543 BPF 22 36K 502 hostcache 1 32K 1 shm 1 32K 51 DEVFS3 124 31K 134 msg 4 30K 4 vmem 3 28K 6 sctp_atky 628 27K 57190 gtaskqueue 18 26K 18 lockf 206 22K 18062 kbdmux 6 22K 6 DEVFS_RULE 56 20K 56 ufs_mount 5 17K 6 proc 3 17K 3 tty 16 16K 16 ithread 99 16K 99 sctp_timw 61 16K 61 lltable 46 15K 1390 ether_multi 172 14K 2357 bus-sc 31 14K 1554 sctp_ifa 105 14K 279 KTRACE 100 13K 100 ifnet 7 13K 7 kenv 92 12K 92 eventhandler 125 11K 125 in6_multi 89 11K 1306 GEOM 60 10K 489 rman 82 10K 423 bmsafemap 2 9K 36022 UART 12 9K 12 devstat 4 9K 4 rpc 2 8K 2 shmfd 1 8K 31 pfs_vncache 1 8K 1 pfs_nodes 20 8K 20 pf_ifnet 23 8K 1057 audit_evclass 233 8K 291 sctp_athm 412 7K 43364 sctp_map 404 7K 26304 routetbl 28 7K 1704 CAM DEV 3 6K 510