panic: ASan: Invalid access, 8-byte read at 0xfffffe0077f07700, UMAUseAfterFree(fd) cpuid = 1 time = 44 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057351cb0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0057351e10 vpanic() at vpanic+0x257/frame 0xfffffe0057351fd0 panic() at panic+0xb5/frame 0xfffffe0057352090 kasan_report() at kasan_report+0xdf/frame 0xfffffe0057352160 sctp_stop_association_timers() at sctp_stop_association_timers+0x1a7/frame 0xfffffe0057352190 sctp_free_assoc() at sctp_free_assoc+0x37d/frame 0xfffffe00573522e0 sctp_handle_abort() at sctp_handle_abort+0x153/frame 0xfffffe0057352310 sctp_process_control() at sctp_process_control+0x2254/frame 0xfffffe00573527e0 sctp_common_input_processing() at sctp_common_input_processing+0x87d/frame 0xfffffe0057352a20 sctp_input_with_port() at sctp_input_with_port+0x46e/frame 0xfffffe0057352bb0 sctp_input() at sctp_input+0x29/frame 0xfffffe0057352bd0 ip_input() at ip_input+0xaa2/frame 0xfffffe0057352cf0 swi_net() at swi_net+0x2b8/frame 0xfffffe0057352d90 ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0057352ef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0057352f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0057352f30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 12 tid 100033 ] Stopped at kdb_enter+0x6e: movq $0,0x25bda37(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xffffffff8161404e _vprintf+0x1ae rdx 0 rbx 0xffffffff827b0020 .str.27 rsp 0xfffffe0057351df0 rbp 0xfffffe0057351e10 rsi 0 rdi 0xffffffff816145b9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0xbf r12 0xfffffe0008021740 r13 0xfffffffffffffffd r14 0xffffffff827b0020 .str.27 r15 0 rip 0xffffffff815fe75e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25bda37(%rip) db> show proc Process 12 (intr) at 0xfffffe0008008580: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83b468e0 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b468e0 reapsubtree: 12 sigparent: 20 vmspace: 0xffffffff83b47880 (map 0xffffffff83b47880) (map.pmap 0xffffffff83b47920) (pmap 0xffffffff83b47990) threads: 20 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 Run CPU 1 [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] db> ps pid ppid pgrp uid state wmesg wchan cmd 1811 1261 1261 60928 R (threaded) syz-executor 101755 RunQ syz-executor 101756 RunQ syz-executor 1809 1 1261 0 RE syz-executor 1802 766 1802 60928 Rs (threaded) syz-executor 101741 RunQ syz-executor 101742 S pipdwt 0xfffffe007f550e60 syz-executor 101743 S uwait 0xfffffe007f566180 syz-executor 101746 S uwait 0xfffffe00780c2e80 syz-executor 1801 1 766 0 RE syz-executor 1757 0 0 0 DL mdwait 0xfffffe0082e19000 [md3] 1690 1687 1481 0 S uwait 0xfffffe007f4a1600 syz-executor 1687 1481 1481 0 T (threaded) syz-executor 101504 s syz-executor 101557 D reapst 0xfffffe0057b7fa08 syz-executor 1531 0 0 0 DL mdwait 0xfffffe007f278000 [md2] 1530 0 0 0 DL mdwait 0xfffffe007f413000 [md0] 1481 763 1481 0 S wait 0xfffffe00548de580 syz-executor 1431 0 0 0 DL mdwait 0xfffffe007f6a4000 [md1] 1389 0 0 0 DL mdwait 0xfffffe007f646000 [md127] 1261 763 1261 0 R syz-executor 1119 0 0 0 DL (threaded) [KTLS] 100473 D - 0xfffffe005462a400 [thr_0] 100531 D - 0xfffffe005462a480 [thr_1] 100532 D - 0xffffffff83caec28 [reclaim_0] 1089 1088 1088 0 TL tun_con 0xfffffe005893d228 ifconfig 1088 763 1088 0 S wait 0xfffffe00548ee020 syz-executor 1047 1 765 0 RE syz-executor 1034 1 764 0 R syz-executor 1025 1 767 0 R syz-executor 1020 1019 765 0 SV uwait 0xfffffe0058a5d300 syz-executor 1019 1018 765 0 DV ppwait 0xfffffe005490bac0 syz-executor 1018 1017 765 0 RV syz-executor 1017 1016 765 0 DV ppwait 0xfffffe005492fa60 syz-executor 1016 1015 765 0 RV syz-executor 1015 1014 765 0 DV ppwait 0xfffffe005495da60 syz-executor 1014 1013 765 0 DV ppwait 0xfffffe0054954000 syz-executor 1013 1012 765 0 DV ppwait 0xfffffe0054954560 syz-executor 1012 1011 765 0 RV syz-executor 1011 1010 765 0 RV syz-executor 1010 1009 765 0 DV ppwait 0xfffffe0054955a60 syz-executor 1009 1008 765 0 RV syz-executor 1008 1007 765 0 RV syz-executor 1007 1006 765 0 DV ppwait 0xfffffe0054956a80 syz-executor 1006 1005 765 0 DV ppwait 0xfffffe0054951500 syz-executor 1005 1004 765 0 RV syz-executor 1004 1003 765 0 DV ppwait 0xfffffe0054951fc0 syz-executor 1003 1002 765 0 RV syz-executor 1002 1001 765 0 DV ppwait 0xfffffe0054952a80 syz-executor 1001 1000 765 0 RV syz-executor 1000 999 765 0 DV ppwait 0xfffffe0054953540 syz-executor 999 998 765 0 DV ppwait 0xfffffe0054953aa0 syz-executor 998 997 765 0 DV ppwait 0xfffffe00548f0000 syz-executor 997 996 765 0 DV ppwait 0xfffffe0054930520 syz-executor 996 995 765 0 RV syz-executor 995 994 765 0 RV syz-executor 994 993 765 0 RV syz-executor 993 992 765 0 RV syz-executor 992 991 765 0 RV syz-executor 991 990 765 0 DV ppwait 0xfffffe00548eea80 syz-executor 990 989 765 0 DV ppwait 0xfffffe00548e0560 syz-executor 989 988 765 0 DV ppwait 0xfffffe0054809560 syz-executor 988 1 765 0 DV ppwait 0xfffffe0054806fc0 syz-executor 986 1 764 0 RE syz-executor 973 0 0 0 DL - 0xffffffff83cad400 [soaiod4] 972 0 0 0 DL - 0xffffffff83cad400 [soaiod3] 971 0 0 0 DL - 0xffffffff83cad400 [soaiod2] 970 0 0 0 DL - 0xffffffff83cad400 [soaiod1] 969 1 764 0 RE CPU 0 syz-executor 965 0 0 0 DL (threaded) [so_splice] 100099 D - 0xfffffe0058a5d880 [thr_0] 100313 D - 0xfffffe0058a5d8c0 [thr_1] 961 1 960 0 RV syz-executor 930 1 766 0 R syz-executor 927 1 765 0 R syz-executor 925 1 766 0 R syz-executor 918 1 765 0 R syz-executor 912 1 765 -1 R syz-executor 905 1 767 0 R syz-executor 904 1 766 0 R syz-executor 903 1 766 0 R syz-executor 902 1 765 0 R syz-executor 893 0 0 0 DL - 0xffffffff83b47d40 [accounting] 888 1 764 0 R syz-executor 886 1 764 0 R syz-executor 871 1 767 0 R syz-executor 863 1 765 0 R syz-executor 861 1 765 0 R syz-executor 856 1 766 0 RV syz-executor 852 1 764 0 R syz-executor 819 0 0 0 DL mdwait 0xfffffe006eb61000 [md7] 814 0 0 0 DL aiordy 0xfffffe005490a5a0 [aiod4] 813 0 0 0 DL aiordy 0xfffffe005490ab00 [aiod3] 812 0 0 0 DL aiordy 0xfffffe00548095c0 [aiod2] 811 0 0 0 DL aiordy 0xfffffe00548dd560 [aiod1] 766 763 766 0 R syz-executor 763 761 761 0 R syz-executor 761 759 761 0 Ss pause 0xfffffe0054808bb0 csh 17 0 0 0 DL syncer 0xffffffff83cbada0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0008028040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cb9360 [bufdaemon] 100081 D - 0xffffffff83002140 [bufspacedaemon-0] 100093 D sdflush 0xfffffe0058e36ce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d04380 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83cea2f8 [dom0] 100082 D launds 0xffffffff83cea304 [laundry: dom0] 100083 D umarcl 0xffffffff81dcf0c0 [uma] 7 0 0 0 DL - 0xffffffff8391acd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff8485b850 [pf purge] 5 0 0 0 DL waiting 0xffffffff84523700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100046 D - 0xffffffff838e5340 [doneq0] 100047 D - 0xffffffff838e52c0 [async] 100076 D - 0xffffffff838e5140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce5b40 [crypto] 100044 D crypto_ 0xfffffe0058555030 [crypto returns 0] 100045 D crypto_ 0xfffffe0058555080 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe00547d9088 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b45f00 [g_event] 100038 D - 0xffffffff83b45f20 [g_up] 100039 D - 0xffffffff83b45f40 [g_down] 2 0 0 0 TL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 Run CPU 1 [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I [irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 TLs [init] 10 0 0 0 DL audit_w 0xffffffff83ce65e0 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c2cff0 [swapper] 100005 D - 0xfffffe005462a000 [softirq_0] 100006 D - 0xfffffe0054629e00 [softirq_1] 100007 D - 0xfffffe0054629d00 [if_io_tqg_0] 100008 D - 0xfffffe0054629c00 [if_io_tqg_1] 100009 D - 0xfffffe0054629b00 [if_config_tqg_0] 100010 D - 0xfffffe0007f66200 [kqueue_ctx taskq] 100011 D - 0xfffffe0007f66100 [jail_remove taskq] 100012 D - 0xfffffe0007f66000 [bus taskq] 100015 s [thread taskq] 100017 D - 0xfffffe0007f65a00 [aiod_kick taskq] 100018 D - 0xfffffe0007f65900 [deferred_unmount ta] 100019 D - 0xfffffe0007f65800 [inm_free taskq] 100020 D - 0xfffffe0007f65700 [in6m_free taskq] 100021 D - 0xfffffe0007f65600 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007f65500 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007f65500 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007f65500 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007f65500 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007f65400 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007f65400 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007f65400 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007f65400 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007f65300 [firmware taskq] 100041 D - 0xfffffe0007f65100 [crypto_0] 100042 D - 0xfffffe0007f65100 [crypto_1] 100057 D - 0xfffffe0007f64e00 [vtnet0 rxq 0] 100058 D - 0xfffffe0007f64d00 [vtnet0 txq 0] 100059 D - 0xfffffe0007f64c00 [vtnet0 rxq 1] 100060 D - 0xfffffe0007f64b00 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe005856cd00 [virtio_balloon] 100066 D - 0xffffffff827b5361 [deadlkres] 100070 D - 0xfffffe0059be2000 [acpi_task_0] 100071 D - 0xfffffe0059be2000 [acpi_task_1] 100072 D - 0xfffffe0059be2000 [acpi_task_2] 100074 D - 0xfffffe0007f66900 [mca taskq] 100075 D - 0xfffffe0007f65000 [CAM taskq] 100077 D - 0xfffffe0059be1d00 [ipsec_offload] 101266 D - 0xfffffe0059bdfb00 [system_taskq_0] 101267 D - 0xfffffe0059bdfb00 [system_taskq_1] 101268 D - 0xfffffe0007f67c00 [system_delay_taskq_] 101269 D - 0xfffffe0007f67c00 [system_delay_taskq_] 101271 D - 0xfffffe0059ea9100 [arc_prune] 101272 D - 0xfffffe0007f67400 [arc_flush_0] 101273 D - 0xfffffe0007f67400 [arc_flush_1] 101286 D - 0xfffffe0059bdfa00 [dbu_evict] 101322 D - 0xfffffe0059bdf400 [z_vdev_file_0] 101323 D - 0xfffffe0059bdf400 [z_vdev_file_1] 101324 D - 0xfffffe0059bdf400 [z_vdev_file_2] 101325 D - 0xfffffe0059bdf400 [z_vdev_file_3] 101326 D - 0xfffffe0059bdf400 [z_vdev_file_4] 101327 D - 0xfffffe0059bdf400 [z_vdev_file_5] 101328 D - 0xfffffe0059bdf400 [z_vdev_file_6] 101329 D - 0xfffffe0059bdf400 [z_vdev_file_7] 101330 D - 0xfffffe0059bdf400 [z_vdev_file_8] 101331 D - 0xfffffe0059bdf400 [z_vdev_file_9] 101332 D - 0xfffffe0059bdf400 [z_vdev_file_10] 101333 D - 0xfffffe0059bdf400 [z_vdev_file_11] 101334 D - 0xfffffe0059bdf400 [z_vdev_file_12] 101335 D - 0xfffffe0059bdf400 [z_vdev_file_13] 101336 D - 0xfffffe0059bdf400 [z_vdev_file_14] 101337 D - 0xfffffe0059bdf400 [z_vdev_file_15] 101355 D - 0xfffffe0059eaa700 [zfsvfs] 1026 1 767 0 RE syz-executor 1045 1 765 0 Z syz-executor 1046 1 767 0 RE syz-executor 1063 1 765 0 RE syz-executor 1065 1 765 0 Z syz-executor 1070 1 764 0 RE syz-executor 1072 1 764 0 Z syz-executor 1075 1 764 0 RE syz-executor 1076 1 764 0 RE syz-executor 1080 1 1052 0 RE syz-executor 1082 1 1052 0 RE syz-executor 1086 1 764 0 REV syz-executor 1094 1 766 0 RE syz-executor 1098 1 1052 0 RE syz-executor 1099 1 766 0 RE syz-executor 1101 1 766 0 RE syz-executor 1102 1 766 0 REV syz-executor 1106 1 764 0 RE syz-executor 1115 1 764 0 RE syz-executor 1117 1 764 0 RE syz-executor 1122 1 766 0 RE syz-executor 1127 1 1052 0 REV syz-executor 1130 1 1130 0 Z+ getty 1131 1 1131 0 Z+ getty 1132 1 1132 0 Z+ getty 1133 1 1133 0 Z+ getty 1134 1 1134 0 Z+ getty 1135 1 1135 0 Z+ getty 1136 1 1136 0 Z+ getty 1137 1 1137 0 Z+ getty 1138 1 1138 0 Z+ getty 1147 1 766 0 RE syz-executor 1148 1 1052 0 RE syz-executor 1151 1 766 0 RE syz-executor 1156 1 1052 0 RE syz-executor 1157 1 764 0 RE syz-executor 1163 1 1052 0 RE syz-executor 1172 1 764 0 RE syz-executor 1175 1 764 0 RE syz-executor 1176 1 764 0 RE syz-executor 1177 1 1052 0 RE syz-executor 1179 1 1052 0 RE syz-executor 1185 1 766 0 RE syz-executor 1188 1 766 0 RE syz-executor 1190 1 764 0 RE syz-executor 1194 1 1052 0 RE syz-executor 1196 1 1052 0 RE syz-executor 1202 1 1052 0 RE syz-executor 1203 1 1203 0 RE syz-executor 1211 1 1052 0 RE syz-executor 1212 1 1052 0 RE syz-executor 1214 1 766 0 RE syz-executor 1224 1 1052 0 RE syz-executor 1235 1 766 0 RE syz-executor 1236 1 766 0 RE syz-executor 1237 1 1052 0 REV syz-executor 1239 1 766 0 RE syz-executor 1243 1 764 0 RE syz-executor 1255 1 766 60928 RE syz-executor 1259 1 764 0 RE syz-executor 1260 1 764 0 RE syz-executor 1269 1 1052 0 RE syz-executor 1274 1 766 0 REV syz-executor 1275 1 1261 0 RE syz-executor 1283 1 1052 0 RE syz-executor 1285 1 1052 0 RE syz-executor 1302 1 766 0 RE syz-executor 1304 1 766 0 RE syz-executor 1307 1 1261 0 RE syz-executor 1314 1 1261 0 RE syz-executor 1316 1 1052 0 RE syz-executor 1317 1 1052 0 RE syz-executor 1319 1 1261 0 RE syz-executor 1320 1 1261 0 RE syz-executor 1333 1 1261 0 RE syz-executor 1334 1 1261 0 RE syz-executor 1342 1 1261 0 RE syz-executor 1348 1 1348 0 RE syz-executor 1354 1 766 0 RE syz-executor 1360 1 1052 0 RE syz-executor 1367 1 1052 0 RE syz-executor 1371 1 766 0 RE syz-executor 1380 1 1052 0 RE syz-executor 1401 1 1052 0 RE syz-executor 1402 1 766 0 RE syz-executor 1407 1 766 0 RE syz-executor 1408 1 1052 0 RE syz-executor 1411 1 766 0 RE syz-executor 1414 1 1261 0 REV syz-executor 1416 1 1052 0 REV syz-executor 1418 1 766 0 RE syz-executor 1423 1 766 0 RE syz-executor 1424 1 766 0 RE syz-executor 1427 1 766 0 RE syz-executor 1430 1 766 0 RE syz-executor 1433 1 1433 0 REVs syz-executor 1439 1 1261 0 RE syz-executor 1442 1 1261 0 RE syz-executor 1450 1 1261 0 RE syz-executor 1455 1 766 0 RE syz-executor 1461 1 1052 0 RE syz-executor 1465 1 1052 0 RE syz-executor 1470 1 1261 0 RE syz-executor 1478 1 1052 0 RE syz-executor 1479 1 766 0 RE syz-executor 1484 1 1052 0 REV syz-executor 1498 1 766 0 REV syz-executor 1501 1 1261 0 RE syz-executor 1503 1 1481 0 RE syz-executor 1507 1 1481 0 RE syz-executor 1512 1 1261 0 RE syz-executor 1517 1 1261 0 RE syz-executor 1523 1 766 0 RE syz-executor 1535 1 1481 0 REV syz-executor 1536 1 766 0 RE syz-executor 1543 1 1261 0 RE syz-executor 1546 1 1261 0 RE syz-executor 1557 1 1261 0 REV syz-executor 1559 1 1481 0 RE syz-executor 1566 1 1481 0 RE syz-executor 1570 1 1481 0 RE syz-executor 1572 1 1481 0 Z syz-executor 1573 1 1481 0 Z syz-executor 1574 1 1481 0 Z syz-executor 1590 1 1481 0 RE syz-executor 1592 1 1481 0 RE syz-executor 1601 1 1481 0 RE syz-executor 1604 1 1261 0 RE syz-executor 1613 1 1261 0 RE syz-executor 1614 1 1261 0 RE syz-executor 1628 1 766 0 RE syz-executor 1636 1 766 0 RE syz-executor 1637 1 766 0 RE syz-executor 1649 1 1481 0 REV syz-executor 1652 1 1261 0 RE syz-executor 1656 1 766 0 RE syz-executor 1660 1 1481 0 Z syz-executor 1667 1 766 0 Z syz-executor 1670 1 766 0 REV syz-executor 1680 1 1261 0 RE syz-executor 1681 1 1261 0 RE syz-executor 1682 1 1261 0 RE syz-executor 1691 1 1261 0 Z syz-executor 1695 1 1261 0 REV syz-executor 1700 1 1261 0 RE syz-executor 1701 1 1261 0 RE syz-executor 1709 1 1261 0 RE syz-executor 1711 1 1261 0 RE syz-executor 1720 1 1261 0 REV syz-executor 1722 1 766 0 RE syz-executor 1733 1 1261 0 REV syz-executor 1734 1 1261 60929 REV syz-executor 1737 1 766 0 RE syz-executor 1739 1 766 0 RE syz-executor 1741 1 766 0 Z syz-executor 1749 1 0 0 ZL [md3] 1762 1 1261 0 RE syz-executor 1767 1 1261 0 RE syz-executor 1770 1 1261 0 RE syz-executor 1771 1 1261 0 RE syz-executor 1773 1 1261 0 Z syz-executor 1774 1 1261 0 Z syz-executor 1775 1 1261 0 RE syz-executor 1776 1 1261 0 RE syz-executor 1782 1 1261 0 RE syz-executor 759 1 759 0 REs sshd 1784 1 766 0 RE syz-executor 1792 1 1261 0 RE syz-executor 1794 1 766 0 RE syz-executor 1795 1 766 0 RE syz-executor 1800 1 766 0 RE syz-executor 1805 1 1261 0 RE syz-executor 1810 1 1261 0 Z syz-executor 872 1 424 0 RE rtsol db> show all locks Process 1809 (syz-executor) thread 0xfffffe007f874000 (101753) exclusive sleep mutex pmap (pmap) r = 0 (0xfffffe007f888c78) locked @ /syzkaller/managers/main/kernel/sys/amd64/amd64/pmap.c:8598 Process 1801 (syz-executor) thread 0xfffffe007f874740 (101740) exclusive rw vmobject (vmobject) r = 0 (0xfffffe007f870d90) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:650 Process 1687 (syz-executor) thread 0xfffffe007f861740 (101557) exclusive sx sapblk (sapblk) r = 0 (0xffffffff83b8b800) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_proc.c:3464 Process 1089 (ifconfig) thread 0xfffffe005491a000 (100225) exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83cbb580) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3027 Process 986 (syz-executor) thread 0xfffffe00548a3000 (100114) exclusive rw vmobject (vmobject) r = 0 (0xfffffe0054923d90) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:650 Process 969 (syz-executor) thread 0xfffffe005493a000 (100256) shared sx filedesc structure (filedesc structure) r = 0 (0xfffffe0077dcb510) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_mqueue.c:2509 Process 763 (syz-executor) thread 0xfffffe00548a4000 (100100) exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe006bf059c0) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_socket.c:4840 Process 12 (intr) thread 0xfffffe0008021740 (100033) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0077cf5320) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_pcb.c:2023 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 443 12676K 1106 tcp_hpts 7 4801K 7 sctp_stro 7 4338K 25 devbuf 4188 4324K 4222 solaris 2244 3597K 4470 sysctloid 44910 2638K 45256 vtbuf 24 1968K 46 kobj 331 1324K 573 subproc 576 1220K 2127 newblk 11 1027K 6620 vfscache 3 1025K 3 filedesc 125 998K 1847 pcb 55 699K 1046 inodedep 203 588K 1945 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 vmem 5 276K 10 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 97233 acpica 1674 184K 54444 tidhash 3 141K 3 pagedep 5 129K 876 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 119 119K 144 kdtrace 659 113K 3575 freework 429 108K 2383 sem 4 106K 4 gtaskqueue 18 98K 18 umtx 768 96K 768 bus 1006 82K 5090 mtx_pool 3 74K 3 md_sectors 18 72K 52 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 527 66K 535 ddb_capture 1 64K 1 temp 48 40K 2992 freeblks 150 38K 1047 DEVFS3 138 35K 150 hostcache 1 32K 1 shm 1 32K 24 msg 4 30K 4 kbdmux 6 28K 6 LRO 26 27K 28 routetbl 266 26K 711 md_disk 24 25K 63 freefile 190 24K 1216 ifaddr 91 23K 95 kqueue 294 22K 3055 lltable 67 21K 78 DEVFS_RULE 56 20K 56 kstat_data 19 19K 19 ifnet 10 19K 11 ether_multi 226 18K 303 ufs_mount 4 17K 5 GEOM 103 17K 773 proc 3 17K 3 tty 16 16K 16 ithread 90 15K 90 bus-sc 34 15K 1656 eventhandler 166 14K 166 in6_multi 88 13K 97 devstat 6 13K 6 plimit 32 12K 831 shmfd 10 12K 42 kenv 95 12K 95 cred 41 11K 485 CAM queue 5 11K 1528 rman 82 10K 467 taskqueue 90 10K 153 Unitno 268 10K 354 rpc 8 9K 8 sctp_atcl 23 9K 353 bmsafemap 3 9K 1536 UART 12 9K 12 filemon 1 8K 31 ksem 1 8K 6 pfs_vncache 1 8K 1 audit_evclass 239 8K 301 pwddesc 99 7K 1894 UMA 340 7K 342 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 pf_ifnet 15 6K 31 DEVFSP 75 5K 449 ufs_dirhash 24 5K 45 dirrem 17 5K 1334 tcp_fsb_rack 2 5K 22 vt 11 5K 11 pf_table 2 4K 3 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 kcovinfo 63 4K 72 acpisem 28 4K 28 sctp_timw 13 4K 13 terminal 11 3K 11 proc-args 108 3K 3012 tun 7 3K 7 ip6ndp 17 3K 20 uidinfo 5 3K 25 acpidev 20 3K 20 lockf 22 3K 371 hhook 8 3K 10 sctp_ifa 18 3K 20 in_multi 9 3K 22 clone 9 3K 9 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 session 16 2K 86 inpcbpolicy 57 2K 1491 sctp_atky 34 2K 394 BPF 10 2K 108 CAM XPT 22 2K 543 nhops 6 2K 10 vnodemarker 3 2K 131 toponodes 6 2K 6 ipsecpolicy 2 2K 2 osd 39 2K 603 msi 9 2K 9 netlink 2 2K 135 mld 9 2K 9 CC Mem 9 2K 558 igmp 9 2K 9 sctp_ifn 8 1K 20 sctp_stri 2 1K 18 softdep 1 1K 1 indirdep 4 1K 1472 sahead 1 1K 1 secasvar 1 1K 1 NFSD session 1 1K 1 CAM periph 4 1K 271 ipsec 3 1K 3 pfil 6 1K 6 isadev 6 1K 12 mount 16 1K 2960 pci_link 10 1K 10 crypto 4 1K 99 encap_export_host 12 1K 12 frag6 6 1K 48 mkdir 4 1K 1572 diradd 4 1K 1362 cdev 2 1K 2 lkpikmalloc 8 1K 9 iov 2 1K 30641 ip6_msource 6 1K 9 ip_msource 6 1K 38 chacha20random 1 1K 1 biobuf 1 1K 1 sctp_athm 23 1K 363 vnodes 2 1K 43 tcp_pcm_rack 1 1K 11 cryptodev 4 1K 448 sctp_aadr 4 1K 9 newdirblk 2 1K 786 ip6opt 1 1K 62 ktls 1 1K 20 select 2 1K 116 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 prison 8 1K 8 sctp_map 14 1K 48 feeder 7 1K 7 taskq 2 1K 2 tcpfunc 3 1K 3 loginclass 3 1K 6 pf_rule 1 1K 2 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 VN POLL 1 1K 25 aio 4 1K 86 pmchooks 1 1K 1 sigio 2 1K 4 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 sctp_vrf 1 1K 1 ip6_moptions 2 1K 15 vnet 1 1K 1 accf 1 1K 1 pmc 1 1K 1 filedesc_to_leader 1 1K 14 entropy 2 1K 37 acpiintr 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 sfs_nodes 0 0K 0 zones_data 0 0K 0 ext2_mount 0 0K 0 ext2_node 0 0K 0 ext2_extents 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 tcp_do_rack 0 0K 0 mqdata 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 144 sctp_iter 0 0K 20 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 20 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 4 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 729 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 64 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 257 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 ktls_ocf 0 0K 2 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 in6_mfilter 0 0K 19 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ip_moptions 0 0K 36 in_mfilter 0 0K 64 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 30 fadvise 0 0K 5 statfs 0 0K 233 namei_tracker 0 0K 8 export_host 0 0K 0 cl_savebuf 0 0K 156 lio 0 0K 42 acl 0 0K 0 soname 0 0K 4120 mbuf_tag 0 0K 0 pts 0 0K 0 timerfd 0 0K 0 procdesc 0 0K 10 selfd 0 0K 316281 ioctlops 0 0K 479 eventfd 0 0K 11 Witness 0 0K 0 stack 0 0K 0 sbuf 0 0K 692 firmware 0 0K 0 compressor 0 0K 0 SWAP 0 0K 0 sysctltmp 0 0K 690 sysctl 0 0K 3 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 10 rctl 0 0K 0 cache 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 filecaps 0 0K 82 pwd 0 0K 0 tty console 0 0K 0 boottrace 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 120 geom_flashmap 0 0K 0 tmpfs dir 0 0K 0 tmpfs name 0 0K 0 tmpfs mount 0 0K 0 tmpfs extattr 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroff 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 xnb 0 0K 0 xen_acpi 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 pvscsi 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 twsbuf 0 0K 0 tcp_log_dev 0 0K 17 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 SIIS driver 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 mpi3mrbuf 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 malodev 0 0K 0 LED 0 0K 0 ix_sriov 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 ciss_data 0 0K 0 BACKLIGHT 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 acpipwr 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 aacraidcam 0 0K 0 aacraid_buf 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 XZ_DEC 0 0K 0 nvlist 0 0K 2275 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 scsi_pass 0 0K 0 scsi_da 0 0K 70 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 nvme_da 0 0K 0 CAM CCB 0 0K 523 CAM ccb queue 0 0K 0 db> show uma Zone Size Used Free Requests Sleeps Bucket Total Mem XFree mbuf_jumbo_page 4096 8329 1069 19859 0 254 38494208 0 malloc-16384 16384 65 149 1109 0 1 3506176 0 RADIX NODE 152 11872 7623 76326 0 62 2963240 0 mbuf 256 9049 1633 34994 0 254 2734592 0 mbuf_cluster 2048 508 508 543 0 254 2080768 0 malloc-128 128 14687 193 15385 0 126 1904640 0 BUF TRIE 152 389 11415 6178 0 62 1794208 0 malloc-384 384 4156 14 4510 0 30 1601280 0 malloc-4096 4096 331 5 573 0 2 1376256 0 UMA Slabs 0 112 11917 29 11917 0 126 1337952 0 malloc-4096 4096 303 13 1935 0 2 1294336 0 sctp_asoc 2256 7 503 24 0 254 1150560 0 vmem btag 56 20172 171 22275 0 254 1139208 0 malloc-64 64 242 17335 317552 0 254 1124928 0 zio_buf_comb_1048576 1048576 0 1 15 0 1 1048576 0 FFS inode 1168 583 215 1858 0 8 932064 0 VM OBJECT 248 1052 1924 25129 0 62 738048 0 malloc-65536 65536 10 1 15 0 1 720896 0 THREAD 1824 381 3 1756 0 8 700416 0 sctp_ep 1152 14 497 318 0 254 588672 0 malloc-256 256 2161 134 2654 0 62 587520 0 MAP ENTRY 96 1110 4938 87349 0 126 580608 0 256 Bucket 2048 246 26 1856 0 8 557056 0 socket 1024 74 434 3458 0 254 520192 0 lkpicurr 168 2 3094 2 0 62 520128 0 pbuf 2624 0 186 0 0 2 488064 0 PROC 1376 276 21 1817 0 8 408672 0 VNODE 440 624 276 1902 0 30 396000 0 malloc-65536 65536 4 2 114 0 1 393216 0 sctp_raddr 736 13 504 45 0 254 380512 0 malloc-256 256 1315 125 13199 0 62 368640 0 FPU_save_area 832 383 22 2455 0 16 336960 0 malloc-65536 65536 1 4 79 0 1 327680 0 malloc-64 64 4801 302 35325 0 254 326592 0 malloc-16 16 18334 416 40822 0 254 300000 0 filedesc0 1072 100 173 1894 0 8 292656 0 malloc-32768 32768 1 7 1223 0 1 262144 0 malloc-32 32 7432 254 39720 0 254 245952 0 UMA Zones 768 312 2 314 0 16 241152 0 malloc-32768 32768 1 6 123 0 1 229376 0 malloc-2048 2048 102 10 388 0 8 229376 0 DEVCTL 1024 65 155 190 0 0 225280 0 FFS2 dinode 256 583 287 1858 0 62 222720 0 tcp_log 416 4 509 176 0 254 213408 0 malloc-2048 2048 21 67 524 0 8 180224 0 malloc-128 128 1218 177 26131 0 126 178560 0 lkpimm 56 1 3095 1 0 254 173376 0 unpcb 320 7 509 1537 0 254 165120 0 malloc-1024 1024 136 24 399 0 16 163840 0 tcp_inpcb 1304 11 109 554 0 8 156480 0 S VFS Cache 104 1064 340 2444 0 126 146016 0 zio_buf_comb_131072 131072 0 1 1 0 1 131072 0 malloc-65536 65536 0 2 18 0 1 131072 0 malloc-65536 65536 2 0 2 0 1 131072 0 malloc-32768 32768 2 2 122 0 1 131072 0 malloc-32768 32768 4 0 4 0 1 131072 0 64 Bucket 512 246 10 10270 0 30 131072 0 malloc-128 128 821 202 1661 0 126 130944 0 VMSPACE 584 37 187 1726 0 16 130816 0 mbuf_packet 256 11 497 1560 0 254 130048 0 malloc-384 384 299 31 300 0 30 126720 0 128 Bucket 1024 97 18 403 0 16 117760 0 ksiginfo 112 274 770 840 0 126 116928 0 UMA Kegs 384 298 5 300 0 30 116352 0 malloc-128 128 643 256 2389 0 126 115072 0 malloc-8192 8192 9 4 22 0 1 106496 0 ertt_txseginfo 40 0 2626 6080 0 254 105040 0 malloc-384 384 246 24 3034 0 30 103680 0 malloc-128 128 544 231 3951 0 126 99200 0 malloc-16384 16384 4 2 14 0 1 98304 0 malloc-4096 4096 20 4 611 0 2 98304 0 malloc-2048 2048 4 44 675 0 8 98304 0 g_bio 408 0 240 32187 0 30 97920 0 syncache 168 0 528 8 0 254 88704 0 malloc-64 64 930 393 3499 0 254 84672 0 malloc-8192 8192 4 6 36 0 1 81920 0 malloc-8192 8192 5 5 176 0 1 81920 0 malloc-256 256 94 221 2545 0 62 80640 0 sctp_readq 152 0 520 13 0 254 79040 0