panic: mtx_lock() of destroyed mutex @ /syzkaller/managers/i386/kernel/sys/netinet/sctp_pcb.c:4855
cpuid = 1
time = 1605782390
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0003636120
vpanic() at vpanic+0x1c7/frame 0xfffffe0003636180
panic() at panic+0x43/frame 0xfffffe00036361e0
__mtx_lock_flags() at __mtx_lock_flags+0x1e2/frame 0xfffffe0003636240
sctp_free_assoc() at sctp_free_assoc+0x83e/frame 0xfffffe00036362d0
sctp_process_control() at sctp_process_control+0x8a98/frame 0xfffffe0003636750
sctp_common_input_processing() at sctp_common_input_processing+0x7db/frame 0xfffffe00036368e0
sctp_input_with_port() at sctp_input_with_port+0x308/frame 0xfffffe00036369d0
sctp_input() at sctp_input+0x1f/frame 0xfffffe00036369f0
ip_input() at ip_input+0x388/frame 0xfffffe0003636a90
swi_net() at swi_net+0x20d/frame 0xfffffe0003636b10
ithread_loop() at ithread_loop+0x33f/frame 0xfffffe0003636bb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe0003636bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0003636bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100020 ]
Stopped at kdb_enter+0x67: movq $0,0x1478c66(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0x80
rdx 0xffffffff819292d0
rbx 0
rsp 0xfffffe0003636100
rbp 0xfffffe0003636120
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0xfffffe00036367dc
r11 0xbf
r12 0xffffffff820671c0 ddb_dbbe
r13 0
r14 0xffffffff81975651
r15 0xffffffff81975651
rip 0xffffffff810e3717 kdb_enter+0x67
rflags 0x86
kdb_enter+0x67: movq $0,0x1478c66(%rip)
db>