panic: ASan: Invalid access, 8-byte read at 0xfffffe00784ac000, UMAUseAfterFree(fd) cpuid = 0 time = 13 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe005716edf0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe005716ef50 vpanic() at vpanic+0x257/frame 0xfffffe005716f110 panic() at panic+0xb5/frame 0xfffffe005716f1d0 kasan_report() at kasan_report+0xdf/frame 0xfffffe005716f2a0 sctp_stop_timers_for_shutdown() at sctp_stop_timers_for_shutdown+0xda/frame 0xfffffe005716f2d0 sctp_disconnect() at sctp_disconnect+0x620/frame 0xfffffe005716f3d0 soclose() at soclose+0x270/frame 0xfffffe005716f4c0 _fdrop() at _fdrop+0x5c/frame 0xfffffe005716f4f0 closef() at closef+0x655/frame 0xfffffe005716f6d0 fdescfree() at fdescfree+0xa5e/frame 0xfffffe005716f8b0 exit1() at exit1+0x887/frame 0xfffffe005716f950 sigexit() at sigexit+0x213/frame 0xfffffe005716fa70 postsig() at postsig+0x2c5/frame 0xfffffe005716fbf0 ast_sig() at ast_sig+0x85b/frame 0xfffffe005716fea0 ast_handler() at ast_handler+0x2b0/frame 0xfffffe005716ff10 ast() at ast+0x25/frame 0xfffffe005716ff30 doreti_ast() at doreti_ast+0x1c/frame 0x82661bf10 KDB: enter: panic [ thread pid 1482 tid 101209 ] Stopped at kdb_enter+0x6e: movq $0,0x25b6f77(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xffffffff81625b7e _vprintf+0x1ae rdx 0 rbx 0xffffffff827e1820 .str.27 rsp 0xfffffe005716ef30 rbp 0xfffffe005716ef50 rsi 0 rdi 0xffffffff816260e9 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x3f r12 0xfffffe00541cb780 r13 0xfffffffffffffffe r14 0xffffffff827e1820 .str.27 r15 0 rip 0xffffffff8160fc1e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25b6f77(%rip) db> show proc Process 1482 (syz-executor) at 0xfffffe00541ba558: state: NORMAL uid: 0 gids: 0, 5 parent: pid 1 at 0xfffffe0007809010 ABI: FreeBSD ELF64 flag: 0x10102000 flag2: 0x40001 arguments: ./syz-executor exec reaper: 0xfffffe0007809010 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe005414ddb0 (map 0xfffffe005414ddb0) (map.pmap 0xfffffe005414de50) (pmap 0xfffffe005414dec0) threads: 1 101209 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 1867 764 764 0 R (threaded) syz-executor 102016 RunQ syz-executor 102091 RunQ syz-executor 1866 766 766 60928 T (threaded) syz-executor 101547 s syz-executor 102092 RunQ syz-executor 1864 1141 1141 0 RE syz-executor 1860 0 0 0 DL mdwait 0xfffffe007c375000 [md6] 1848 0 0 0 DL mdwait 0xfffffe007c376000 [md5] 1824 1 1141 0 T syz-executor 1803 1801 766 0 SV lockf 0xfffffe00595abb80 syz-executor 1801 1 766 0 DV ppwait 0xfffffe007c456fc0 syz-executor 1777 1776 766 0 S uwait 0xfffffe007cab9c00 syz-executor 1764 1762 1762 0 D tun_con 0xfffffe006df140a8 ifconfig 1762 762 1762 0 S wait 0xfffffe00540cb570 syz-executor 1616 0 0 0 DL aiordy 0xfffffe007c414560 [aiod30] 1612 0 0 0 DL aiordy 0xfffffe007c40b558 [aiod26] 1524 1 1141 0 RE syz-executor 1485 0 0 0 DL mdwait 0xfffffe0077b76000 [md4] 1482 1 764 0 RE CPU 0 syz-executor 1470 1 764 0 S uwait 0xfffffe00784be780 syz-executor 1464 1 1141 0 R syz-executor 1458 1 766 0 S uwait 0xfffffe0077e0bb00 syz-executor 1455 1 766 0 S uwait 0xfffffe007bfac100 syz-executor 1453 1 766 0 S uwait 0xfffffe00596f0e80 syz-executor 1445 1 766 0 S uwait 0xfffffe0077e09a80 syz-executor 1443 0 0 0 DL mdwait 0xfffffe007b54e000 [md0] 1440 1 1141 0 S uwait 0xfffffe006e570080 syz-executor 1430 1 1141 0 S uwait 0xfffffe0077e0a200 syz-executor 1426 1 1141 0 S uwait 0xfffffe0077e09d80 syz-executor 1415 1 766 0 S uwait 0xfffffe0059660480 syz-executor 1414 1 765 0 S uwait 0xfffffe0077655e00 syz-executor 1413 1 764 0 S uwait 0xfffffe007806f700 syz-executor 1410 1 764 0 S uwait 0xfffffe00596f0b80 syz-executor 1405 1 764 0 S uwait 0xfffffe0077e0a900 syz-executor 1404 1 766 0 S uwait 0xfffffe00596f0c80 syz-executor 1403 1 766 0 S uwait 0xfffffe0059660f00 syz-executor 1402 1 764 0 S uwait 0xfffffe0059661b80 syz-executor 1397 1 765 0 S uwait 0xfffffe0077e0bd80 syz-executor 1396 0 0 0 DL mdwait 0xfffffe007b54f000 [md512] 1388 1 764 0 SV uwait 0xfffffe0059661a80 syz-executor 1383 1 764 0 S uwait 0xfffffe0077655d80 syz-executor 1372 1 766 0 S uwait 0xfffffe0077658400 syz-executor 1371 1 766 0 S uwait 0xfffffe00596f1c80 syz-executor 1365 1 1141 0 S uwait 0xfffffe007b33e580 syz-executor 1364 1 764 0 S uwait 0xfffffe0077655900 syz-executor 1358 1 764 0 S uwait 0xfffffe0077655d00 syz-executor 1350 1 766 0 S uwait 0xfffffe007b33e880 syz-executor 1349 1 766 0 S uwait 0xfffffe007b33e780 syz-executor 1344 1 1141 0 S uwait 0xfffffe00596f1a00 syz-executor 1340 1 765 0 S uwait 0xfffffe0077e0bc80 syz-executor 1311 1 764 0 S uwait 0xfffffe00596f1780 syz-executor 1306 1 766 0 SV uwait 0xfffffe0077e0a700 syz-executor 1294 1 764 0 S uwait 0xfffffe006e56f780 syz-executor 1293 1 764 0 S uwait 0xfffffe0077e09c80 syz-executor 1283 0 0 0 DL mdwait 0xfffffe00776cb000 [md3] 1266 1 764 0 S uwait 0xfffffe0077e0a600 syz-executor 1255 1 764 0 S uwait 0xfffffe006e56d380 syz-executor 1242 1 766 0 S uwait 0xfffffe006e56f380 syz-executor 1240 1 764 0 S uwait 0xfffffe00596f1a80 syz-executor 1236 1 1141 0 S uwait 0xfffffe0077657e00 syz-executor 1232 1 765 0 S uwait 0xfffffe005965fd80 syz-executor 1230 1 764 0 S uwait 0xfffffe006e56ff00 syz-executor 1217 1 1141 0 S uwait 0xfffffe006e56d780 syz-executor 1214 1 766 0 S uwait 0xfffffe006e570580 syz-executor 1197 1 765 0 S uwait 0xfffffe006e56d580 syz-executor 1195 1 1141 0 S uwait 0xfffffe0077e0c000 syz-executor 1194 1 1141 0 S uwait 0xfffffe0077e0be80 syz-executor 1191 0 0 0 DL mdwait 0xfffffe0059844000 [md2] 1190 0 0 0 DL mdwait 0xfffffe00776cc000 [md1] 1183 1 766 0 S uwait 0xfffffe0077655a80 syz-executor 1179 1 1141 0 S uwait 0xfffffe00596f1d00 syz-executor 1176 1 765 60929 S uwait 0xfffffe005965fa80 syz-executor 1159 1 764 0 S uwait 0xfffffe0059661380 syz-executor 1141 762 1141 0 D proctre 0xffffffff830019c0 syz-executor 1128 1 763 0 S uwait 0xfffffe006e56fb00 syz-executor 1105 1 765 0 S umtxn 0xfffffe005965c280 syz-executor 1101 1 765 0 S uwait 0xfffffe00596f1880 syz-executor 1099 1 765 0 S uwait 0xfffffe005965f380 syz-executor 1096 1 763 0 S uwait 0xfffffe005965fc80 syz-executor 1080 1 764 0 S uwait 0xfffffe0077656880 syz-executor 1079 1 765 0 S uwait 0xfffffe005965ce80 syz-executor 1066 1 765 0 S uwait 0xfffffe0077655b00 syz-executor 1055 1 765 0 S uwait 0xfffffe0077656800 syz-executor 1054 1 765 0 S uwait 0xfffffe006e56f580 syz-executor 1050 1 765 0 S uwait 0xfffffe0077658100 syz-executor 1042 1 766 0 S uwait 0xfffffe005965f100 syz-executor 1033 1 766 0 S uwait 0xfffffe0077e0c500 syz-executor 1032 1 764 0 S uwait 0xfffffe0077e0c400 syz-executor 1031 1 764 0 S uwait 0xfffffe0077e0c300 syz-executor 1030 1 764 0 S uwait 0xfffffe0077655c80 syz-executor 1029 1 764 0 S uwait 0xfffffe006e56fd00 syz-executor 1022 1 766 0 S uwait 0xfffffe005965f880 syz-executor 1008 0 0 0 DL - 0xffffffff83cb7e00 [soaiod4] 1007 0 0 0 DL - 0xffffffff83cb7e00 [soaiod3] 1006 0 0 0 DL - 0xffffffff83cb7e00 [soaiod2] 1005 0 0 0 DL - 0xffffffff83cb7e00 [soaiod1] 1004 1 764 0 S uwait 0xfffffe006e56f880 syz-executor 995 1 765 0 SV uwait 0xfffffe0077656380 syz-executor 989 1 765 0 S uwait 0xfffffe006e56f280 syz-executor 987 1 765 0 S uwait 0xfffffe0077656280 syz-executor 986 1 765 0 S uwait 0xfffffe006e56f680 syz-executor 984 1 763 0 S uwait 0xfffffe006e56d280 syz-executor 976 1 765 0 S uwait 0xfffffe005965c580 syz-executor 974 1 764 0 T syz-executor 972 1 764 0 S uwait 0xfffffe00593e8180 syz-executor 964 1 764 0 S uwait 0xfffffe005965cb80 syz-executor 963 1 764 0 S uwait 0xfffffe006e56d680 syz-executor 959 1 765 0 S uwait 0xfffffe005965c680 syz-executor 958 1 765 0 S uwait 0xfffffe0077658280 syz-executor 954 1 764 0 S uwait 0xfffffe005965c780 syz-executor 949 1 766 0 S uwait 0xfffffe006e56d480 syz-executor 929 1 766 0 S uwait 0xfffffe006e56d180 syz-executor 927 1 766 0 S uwait 0xfffffe006e56d080 syz-executor 926 0 0 0 DL (threaded) [KTLS] 100246 D - 0xfffffe0059b8e800 [thr_0] 100247 D - 0xfffffe0059b8e880 [thr_1] 100248 D - 0xffffffff83cb9628 [reclaim_0] 919 1 766 0 S uwait 0xfffffe00596f1100 syz-executor 909 1 765 0 S uwait 0xfffffe00596b2900 syz-executor 901 1 765 0 S uwait 0xfffffe00596f1200 syz-executor 891 1 763 0 S uwait 0xfffffe006e56fe00 syz-executor 888 0 0 0 DL (threaded) [so_splice] 100127 D - 0xfffffe0007688500 [thr_0] 100178 D - 0xfffffe0007688540 [thr_1] 875 1 765 0 S uwait 0xfffffe006e56fc00 syz-executor 834 1 765 0 S uwait 0xfffffe005965f200 syz-executor 829 1 765 0 S uwait 0xfffffe00596b2880 syz-executor 826 0 0 0 DL aiordy 0xfffffe0054112ab8 [aiod5] 825 0 0 0 DL aiordy 0xfffffe0054113010 [aiod4] 823 822 766 0 S uwait 0xfffffe005965ca80 syz-executor 822 1 766 0 SV uwait 0xfffffe005965f000 syz-executor 821 1 766 0 SV uwait 0xfffffe006e570480 syz-executor 807 1 763 0 S uwait 0xfffffe005965cc80 syz-executor 766 762 766 0 D proctre 0xffffffff830019c0 syz-executor 764 762 764 0 D proctre 0xffffffff830019c0 syz-executor 762 760 760 0 S select 0xfffffe005965f5c0 syz-executor 760 758 760 0 Ss sigsusp 0xfffffe00540c9b68 csh 747 1 747 0 Ts+ getty 746 1 746 0 Ts+ getty 745 1 745 0 Ts+ getty 744 1 744 0 Ts+ getty 743 1 743 0 Ts+ getty 742 1 742 0 Ts+ getty 741 1 741 0 Ts+ getty 740 1 740 0 Ts+ getty 739 1 739 0 Ts+ getty 16 0 0 0 DL syncer 0xffffffff83cc5820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a018 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cc3d60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100091 D sdflush 0xfffffe0053fe08e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d0ec80 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83cf4d48 [dom0] 100080 D launds 0xffffffff83cf4d54 [laundry: dom0] 100081 D umarcl 0xffffffff81df2890 [uma] 7 0 0 0 DL - 0xffffffff839205d8 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff8485ac30 [pf purge] 5 0 0 0 DL waiting 0xffffffff844fa700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838ea340 [doneq0] 100046 D - 0xffffffff838ea2c0 [async] 100075 D - 0xffffffff838ea140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cf0640 [crypto] 100043 D crypto_ 0xfffffe0007a95c30 [crypto returns 0] 100044 D crypto_ 0xfffffe0007a95c80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b50640 [g_event] 100038 D - 0xffffffff83b50660 [g_up] 100039 D - 0xffffffff83b50680 [g_down] 2 0 0 0 RL (threaded) [clock] 100031 I [clock (0)] 100032 RunQ [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 Run CPU 1 [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83cf10e0 [audit] 0 0 0 0 RLs (threaded) [kernel] 100000 D parked 0xffffffff84c43ff0 [swapper] 100005 D - 0xfffffe0007a98b00 [softirq_0] 100006 D - 0xfffffe0007a98900 [softirq_1] 100007 D - 0xfffffe0007a98700 [if_io_tqg_0] 100008 D - 0xfffffe0007a98500 [if_io_tqg_1] 100009 D - 0xfffffe0007a98300 [if_config_tqg_0] 100010 D - 0xfffffe00083f9700 [kqueue_ctx taskq] 100011 D - 0xfffffe00083f9600 [jail_remove taskq] 100012 D - 0xfffffe00083f9500 [bus taskq] 100015 D - 0xfffffe00083f9000 [thread taskq] 100017 D - 0xfffffe00083f8c00 [aiod_kick taskq] 100018 D - 0xfffffe00083f8b00 [deferred_unmount ta] 100019 RunQ [inm_free taskq] 100020 D - 0xfffffe00083f8900 [in6m_free taskq] 100021 D - 0xfffffe00083f8800 [linuxkpi_irq_wq] 100022 D - 0xfffffe00083f8700 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00083f8700 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00083f8700 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00083f8700 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00083f8600 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00083f8600 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00083f8600 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00083f8600 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00083f8100 [firmware taskq] 100040 D - 0xfffffe00083f7e00 [crypto_0] 100041 D - 0xfffffe00083f7e00 [crypto_1] 100056 D - 0xfffffe00083f7700 [vtnet0 rxq 0] 100057 D - 0xfffffe00083f7600 [vtnet0 txq 0] 100058 D - 0xfffffe00083f7500 [vtnet0 rxq 1] 100059 D - 0xfffffe00083f7400 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057d76f00 [virtio_balloon] 100065 D - 0xffffffff827e5f01 [deadlkres] 100069 D - 0xfffffe00593db000 [acpi_task_0] 100070 D - 0xfffffe00593db000 [acpi_task_1] 100071 D - 0xfffffe00593db000 [acpi_task_2] 100073 D - 0xfffffe00083fb100 [mca taskq] 100074 D - 0xfffffe00083f7d00 [CAM taskq] 100076 D - 0xfffffe005825fe00 [ipsec_offload] 100363 D - 0xfffffe0077dfa600 [netlink_socket (PID] 101150 D - 0xfffffe0077f76700 [system_taskq_0] 101151 D - 0xfffffe0077f76700 [system_taskq_1] 101152 D - 0xfffffe0058260b00 [system_delay_taskq_] 101153 D - 0xfffffe0058260b00 [system_delay_taskq_] 101154 D - 0xfffffe0058260c00 [zvol_tq-0_0] 101155 D - 0xfffffe0058260c00 [zvol_tq-0_1] 101156 D - 0xfffffe0058260c00 [zvol_tq-0_2] 101157 D - 0xfffffe0058260c00 [zvol_tq-0_3] 101158 D - 0xfffffe0058260c00 [zvol_tq-0_4] 101159 D - 0xfffffe0058260c00 [zvol_tq-0_5] 101160 D - 0xfffffe0058260c00 [zvol_tq-0_6] 101161 D - 0xfffffe0058260c00 [zvol_tq-0_7] 101162 D - 0xfffffe0058260c00 [zvol_tq-0_8] 101163 D - 0xfffffe0058260c00 [zvol_tq-0_9] 101164 D - 0xfffffe0058260c00 [zvol_tq-0_10] 101165 D - 0xfffffe0058260c00 [zvol_tq-0_11] 101166 D - 0xfffffe0058260c00 [zvol_tq-0_12] 101167 D - 0xfffffe0058260c00 [zvol_tq-0_13] 101168 D - 0xfffffe0058260c00 [zvol_tq-0_14] 101169 D - 0xfffffe0058260c00 [zvol_tq-0_15] 101170 D - 0xfffffe0058260c00 [zvol_tq-0_16] 101171 D - 0xfffffe0058260c00 [zvol_tq-0_17] 101172 D - 0xfffffe0058260c00 [zvol_tq-0_18] 101173 D - 0xfffffe0058260c00 [zvol_tq-0_19] 101174 D - 0xfffffe0058260c00 [zvol_tq-0_20] 101175 D - 0xfffffe0058260c00 [zvol_tq-0_21] 101176 D - 0xfffffe0058260c00 [zvol_tq-0_22] 101177 D - 0xfffffe0058260c00 [zvol_tq-0_23] 101178 D - 0xfffffe0058260c00 [zvol_tq-0_24] 101179 D - 0xfffffe0058260c00 [zvol_tq-0_25] 101180 D - 0xfffffe0058260c00 [zvol_tq-0_26] 101181 D - 0xfffffe0058260c00 [zvol_tq-0_27] 101182 D - 0xfffffe0058260c00 [zvol_tq-0_28] 101183 D - 0xfffffe0058260c00 [zvol_tq-0_29] 101184 D - 0xfffffe0058260c00 [zvol_tq-0_30] 101185 D - 0xfffffe0058260c00 [zvol_tq-0_31] 101186 D - 0xfffffe00593d8500 [arc_prune] 101187 D - 0xfffffe00593d8600 [arc_flush_0] 101188 D - 0xfffffe00593d8600 [arc_flush_1] 101211 D - 0xfffffe0077f74200 [dbu_evict] 101232 D - 0xfffffe00593d8e00 [z_vdev_file_0] 101233 D - 0xfffffe00593d8e00 [z_vdev_file_1] 101234 D - 0xfffffe00593d8e00 [z_vdev_file_2] 101235 D - 0xfffffe00593d8e00 [z_vdev_file_3] 101236 D - 0xfffffe00593d8e00 [z_vdev_file_4] 101237 D - 0xfffffe00593d8e00 [z_vdev_file_5] 101238 D - 0xfffffe00593d8e00 [z_vdev_file_6] 101239 D - 0xfffffe00593d8e00 [z_vdev_file_7] 101240 D - 0xfffffe00593d8e00 [z_vdev_file_8] 101241 D - 0xfffffe00593d8e00 [z_vdev_file_9] 101242 D - 0xfffffe00593d8e00 [z_vdev_file_10] 101243 D - 0xfffffe00593d8e00 [z_vdev_file_11] 101244 D - 0xfffffe00593d8e00 [z_vdev_file_12] 101245 D - 0xfffffe00593d8e00 [z_vdev_file_13] 101246 D - 0xfffffe00593d8e00 [z_vdev_file_14] 101247 D - 0xfffffe00593d8e00 [z_vdev_file_15] 101261 D - 0xfffffe0077f73c00 [zfsvfs] 1490 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1492 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1494 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1523 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1528 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1552 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1559 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1576 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1583 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1584 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1619 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1623 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1624 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1627 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1629 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1631 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1636 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1639 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1641 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1642 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1645 1 766 0 DEV proctre 0xffffffff830019c0 syz-executor 1646 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1647 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1649 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1658 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1659 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1660 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1663 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1673 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1679 1 766 60929 DEV proctre 0xffffffff830019c0 syz-executor 1685 1 766 0 DEV proctre 0xffffffff830019c0 syz-executor 1693 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1701 1 765 0 DE proctre 0xffffffff830019c0 syz-executor 1703 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1705 1 1702 0 DE proctre 0xffffffff830019c0 syz-executor 1710 1 765 0 DEV proctre 0xffffffff830019c0 syz-executor 1720 1 764 0 DE proctre 0xffffffff830019c0 syz-executor 1727 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1728 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1732 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1744 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1756 1 764 0 DEV proctre 0xffffffff830019c0 syz-executor 1757 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1759 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1760 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1772 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1776 1 766 0 DEV proctre 0xffffffff830019c0 syz-executor 758 1 758 0 DEs proctre 0xffffffff830019c0 sshd 1787 1 1785 0 DE proctre 0xffffffff830019c0 syz-executor 1789 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1795 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1809 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1815 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1816 1 1141 0 DE proctre 0xffffffff830019c0 syz-executor 1821 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1822 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1834 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1838 1 766 0 DE proctre 0xffffffff830019c0 syz-executor 1851 1 766 0 DE proctre 0xffffffff830019c0 syz-executor db> show all locks Process 1867 (syz-executor) thread 0xfffffe007c442780 (102091) exclusive rw vmobject (vmobject) r = 0 (0xfffffe007c46d0f8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_fault.c:358 shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe007c463060) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 1866 (syz-executor) thread 0xfffffe007c453780 (102092) exclusive sleep mutex process lock (process lock) r = 0 (0xfffffe00541abbe0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_procctl.c:362 shared sx proctree (proctree) r = 0 (0xffffffff830019c0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_procctl.c:1230 Process 1864 (syz-executor) thread 0xfffffe007c445780 (102005) exclusive sleep mutex pmap (pmap) r = 0 (0xfffffe00541a9a30) locked @ /syzkaller/managers/main/kernel/sys/amd64/amd64/pmap.c:8526 Process 1764 (ifconfig) thread 0xfffffe007c44f000 (101813) exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83cc6000) locked @ /syzkaller/managers/main/kernel/sys/net/if.c:3000 Process 1524 (syz-executor) thread 0xfffffe00541e4000 (101272) exclusive rw vmobject (vmobject) r = 0 (0xfffffe00540fb8b8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:647 Process 1482 (syz-executor) thread 0xfffffe00541cb780 (101209) exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffffe0077af4180) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_usrreq.c:674 exclusive sleep mutex sctp-inp (inp) r = 0 (0xfffffe006e55c168) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_usrreq.c:664 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 444 12768K 964 tcp_hpts 7 4801K 7 devbuf 4187 4323K 4223 solaris 2247 3597K 4473 sysctloid 45499 2673K 45728 vtbuf 24 1968K 46 filedesc 202 1688K 1873 kobj 331 1324K 589 newblk 37 1033K 7252 vfscache 3 1025K 3 subproc 471 952K 2138 pcb 86 718K 1484 inodedep 85 544K 1854 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 vmem 5 276K 9 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 102933 acpica 1674 184K 54456 md_sectors 36 144K 53 tidhash 3 141K 3 pagedep 6 130K 927 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 116 116K 136 kdtrace 591 108K 3970 sem 4 106K 4 umtx 800 100K 800 gtaskqueue 18 98K 18 bus 1007 82K 5105 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 529 67K 536 ddb_capture 1 64K 1 freework 242 61K 2275 DEVFS3 135 34K 148 md_disk 44 34K 70 hostcache 1 32K 1 shm 1 32K 30 msg 4 30K 4 kbdmux 6 28K 6 LRO 22 23K 22 temp 34 21K 3163 ifaddr 76 21K 78 BPF 18 21K 168 DEVFS_RULE 56 20K 56 routetbl 175 20K 517 kstat_data 19 19K 19 GEOM 89 19K 695 kqueue 233 17K 3249 freeblks 67 17K 1036 ufs_mount 4 17K 5 proc 3 17K 3 lltable 52 16K 66 tty 16 16K 16 cred 41 16K 399 ether_multi 190 16K 268 ithread 90 15K 90 bus-sc 34 15K 1663 ifnet 8 15K 8 eventhandler 166 14K 166 devstat 6 13K 6 iov 3 12K 26758 shmfd 10 12K 43 kenv 95 12K 95 sctp_atcl 30 12K 576 mount 35 11K 1806 taskqueue 96 11K 264 CAM queue 5 11K 1528 in6_multi 75 10K 78 freefile 77 10K 1216 rman 82 10K 457 pwddesc 152 10K 2008 plimit 25 10K 433 rpc 8 9K 8 ksem 3 9K 7 bmsafemap 2 9K 1601 UART 12 9K 12 pfs_vncache 1 8K 1 CC Mem 62 8K 831 audit_evclass 240 8K 304 sctp_stro 7 7K 17 inpcbpolicy 217 7K 2018 UMA 345 7K 346 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 pf_ifnet 12 5K 26 crypto 13 5K 141 DEVFSP 75 5K 465 ufs_dirhash 24 5K 45 tcp_fsb_rack 2 5K 16 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 lockf 38 4K 463 acpisem 28 4K 28 proc-args 157 4K 2969 kcovinfo 54 4K 54 terminal 11 3K 11 osd 124 3K 915 uidinfo 5 3K 20 acpidev 20 3K 20 hhook 8 3K 10 in_multi 9 3K 25 clone 9 3K 9 ip6ndp 14 3K 16 netlink 2 3K 184 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 sctp_ifa 15 2K 16 tun 5 2K 5 Unitno 34 2K 1026 sctp_timw 7 2K 7 sctp_atky 39 2K 597 session 13 2K 219 CAM XPT 22 2K 543 vnodemarker 3 2K 129 toponodes 6 2K 6 ipsecpolicy 2 2K 2 ip6opt 9 2K 166 nhops 6 2K 9 msi 9 2K 9 inotify 6 2K 191 selfd 17 2K 281784 sctp_stri 2 1K 6 softdep 1 1K 1 sahead 1 1K 1 secasvar 1 1K 1 NFSD session 1 1K 1 cryptodev 15 1K 460 sctp_ifn 7 1K 16 mld 7 1K 7 igmp 7 1K 7 CAM periph 4 1K 271 ipsec 3 1K 3 diradd 6 1K 1437 indirdep 3 1K 1299 pfil 6 1K 6 isadev 6 1K 10 pci_link 10 1K 10 encap_export_host 12 1K 12 ip_msource 10 1K 60 cdev 2 1K 2 sctp_athm 30 1K 579 lkpikmalloc 8 1K 9 counter_rate 13 1K 13 chacha20random 1 1K 1 biobuf 1 1K 1 vnodes 2 1K 18 ktls 2 1K 66 tcp_pcm_rack 1 1K 8 ip_moptions 4 1K 49 VN POLL 2 1K 33 eventfd 2 1K 16 loginclass 4 1K 6 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 12 CAM SIM 2 1K 2 prison 8 1K 8 sctp_map 14 1K 34 feeder 7 1K 7 taskq 2 1K 2 ip6_msource 3 1K 17 frag6 2 1K 9 tcpfunc 3 1K 3 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 ktls_ocf 1 1K 12 in6_mfilter 2 1K 33 aio 4 1K 42 select 1 1K 121 pmchooks 1 1K 1 filedesc_to_leader 2 1K 11 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 in_mfilter 2 1K 117 sctp_vrf 1 1K 1 sctp_aadr 1 1K 2 vnet 1 1K 1 accf 1 1K 1 sendfile 1 1K 22 pmc 1 1K 1 sigio 1 1K 7 entropy 2 1K 36 acpiintr 1 1K 1 cpus 2 1K 2 ip6_moptions 1 1K 20 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 sfs_nodes 0 0K 0 zones_data 0 0K 0 ext2_mount 0 0K 0 ext2_node 0 0K 0 ext2_extents 0 0K 0 pf_table 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 tcp_do_rack 0 0K 0 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 225 sctp_iter 0 0K 13 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 13 mqdata 0 0K 0 filemon 0 0K 53 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 847 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 67 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 newdirblk 0 0K 853 dirrem 0 0K 1411 mkdir 0 0K 1706 freefrag 0 0K 336 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 29 fadvise 0 0K 16 statfs 0 0K 220 namei_tracker 0 0K 15 export_host 0 0K 0 cl_savebuf 0 0K 184 lio 0 0K 31 acl 0 0K 0 soname 0 0K 4649 mbuf_tag 0 0K 0 pts 0 0K 0 timerfd 0 0K 0 procdesc 0 0K 12 ioctlops 0 0K 217 Witness 0 0K 0 stack 0 0K 0 sbuf 0 0K 500 firmware 0 0K 0 compressor 0 0K 0 SWAP 0 0K 0 sysctltmp 0 0K 653 sysctl 0 0K 3 ekcd 0 0K 0 dumper 0 0K 0 rctl 0 0K 0 cache 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 filecaps 0 0K 94 pwd 0 0K 0 tty console 0 0K 0 boottrace 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 132 geom_flashmap 0 0K 0 tmpfs dir 0 0K 0 tmpfs name 0 0K 0 tmpfs mount 0 0K 0 tmpfs extattr 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroff 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 4 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 xnb 0 0K 0 xen_acpi 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 pvscsi 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 ufshci 0 0K 0 twsbuf 0 0K 0 tcp_log_dev 0 0K 4 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 SIIS driver 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 sr_iov 0 0K 0 OCS