panic: ASan: Invalid access, 8-byte read at 0xfffffe0077e24000, UMAUseAfterFree(fd)
cpuid = 1
time = 1757511702
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056b4ecb0
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056b4ee10
vpanic() at vpanic+0x257/frame 0xfffffe0056b4efd0
panic() at panic+0xb5/frame 0xfffffe0056b4f090
kasan_report() at kasan_report+0xdf/frame 0xfffffe0056b4f160
sctp_stop_association_timers() at sctp_stop_association_timers+0x1a7/frame 0xfffffe0056b4f190
sctp_free_assoc() at sctp_free_assoc+0x37d/frame 0xfffffe0056b4f2e0
sctp_handle_abort() at sctp_handle_abort+0x153/frame 0xfffffe0056b4f310
sctp_process_control() at sctp_process_control+0x2254/frame 0xfffffe0056b4f7e0
sctp_common_input_processing() at sctp_common_input_processing+0x87d/frame 0xfffffe0056b4fa20
sctp_input_with_port() at sctp_input_with_port+0x46f/frame 0xfffffe0056b4fbb0
sctp_input() at sctp_input+0x29/frame 0xfffffe0056b4fbd0
ip_input() at ip_input+0xaa2/frame 0xfffffe0056b4fcf0
swi_net() at swi_net+0x2b8/frame 0xfffffe0056b4fd90
ithread_loop() at ithread_loop+0x4ec/frame 0xfffffe0056b4fef0
fork_exit() at fork_exit+0xcc/frame 0xfffffe0056b4ff30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056b4ff30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100033 ]
Stopped at kdb_enter+0x6e: movq $0,0x259edd7(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0x28
rax 0x12
rcx 0xffffffff81641d1e _vprintf+0x1ae
rdx 0
rbx 0xffffffff82805a20 .str.27
rsp 0xfffffe0056b4edf0
rbp 0xfffffe0056b4ee10
rsi 0
rdi 0xffffffff81642289 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0xbf
r12 0xfffffe0007821780
r13 0xfffffffffffffffd
r14 0xffffffff82805a20 .str.27
r15 0
rip 0xffffffff8162bdbe kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x259edd7(%rip)
db> show proc
Process 12 (intr) at 0xfffffe0007808560: state: NORMAL uid: 0 gid: 0 supp gids: 0 parent: 
pid 0 at 0xffffffff83b55080 ABI: null flag: 0x10000284 flag2: 0 reaper: 0xffffffff83b55080 reapsubtree: 12 sigparent: 20 vmspace: 0xffffffff83b56060 (map 0xffffffff83b56060) (map.pmap 0xffffffff83b56100) (pmap 0xffffffff83b56170) threads: 20 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 Run CPU 1 [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] db> ps pid ppid pgrp uid state wmesg wchan cmd 1172 0 0 0 DL mdwait 0xfffffe006b763000 [md3] 1171 1167 1025 0 S uwait 0xfffffe006dfaa580 syz-executor 1170 764 764 0 R (threaded) syz-executor 100552 RunQ syz-executor 100784 D bo_wwai 0xfffffe006e59ef28 syz-executor 1169 763 763 60928 R (threaded) syz-executor 100128 RunQ syz-executor 100783 RunQ syz-executor 1168 1167 1025 0 S uwait 0xfffffe0077e4db80 syz-executor 1167 1025 1025 0 R (threaded) syz-executor 100495 RunQ syz-executor 100782 S uwait 0xfffffe0078639680 syz-executor 1164 1102 1102 0 R (threaded) syz-executor 100774 RunQ syz-executor 100776 S sendfil 0xfffffe007888bc60 syz-executor 100785 S uwait 0xfffffe00784db080 syz-executor 1158 1 1102 0 LE *vmobjec 0xfffffe000782f300 syz-executor 1153 1 1102 0 RE syz-executor 1146 0 0 0 DL - 0xffffffff83b56520 [accounting] 1145 1 1025 0 RE syz-executor 1126 1 764 0 T syz-executor 1122 1 764 60928 T syz-executor 1102 762 1102 0 R syz-executor 1087 1 1025 0 RE CPU 0 syz-executor 1068 1 1025 0 RE syz-executor 1066 0 0 0 DL mdwait 0xfffffe006b764000 [md2] 1059 1 763 0 R syz-executor 1056 0 0 0 DL mdwait 0xfffffe0058635000 [md1] 1038 1 763 0 R syz-executor 1032 1 764 0 RV 
syz-executor 1027 1 764 0 R syz-executor 1025 762 1025 0 R syz-executor 1019 1 765 0 R syz-executor 1005 1 764 0 R syz-executor 1003 1 763 0 R syz-executor 998 1 764 0 T syz-executor 993 1 766 60928 RE syz-executor 978 1 765 0 R syz-executor 970 1 763 0 R syz-executor 969 1 763 0 R syz-executor 968 1 764 0 R syz-executor 961 960 765 0 SV uwait 0xfffffe0057d94780 syz-executor 960 1 765 0 DV ppwait 0xfffffe0054129a58 syz-executor 956 1 763 0 R syz-executor 944 1 764 0 R syz-executor 941 1 763 0 R syz-executor 937 1 763 0 R syz-executor 935 1 763 0 R syz-executor 931 1 763 0 R syz-executor 929 1 763 0 R syz-executor 928 1 763 0 R syz-executor 924 1 765 0 R syz-executor 923 1 765 0 R syz-executor 919 1 765 0 R syz-executor 913 1 765 0 R syz-executor 911 0 0 0 DL mdwait 0xfffffe0077652000 [md0] 906 1 763 0 R syz-executor 898 1 766 0 R syz-executor 890 1 766 0 R syz-executor 885 1 765 0 R syz-executor 884 1 765 0 R syz-executor 883 1 765 0 R syz-executor 872 1 764 0 R syz-executor 870 0 0 0 DL (threaded) [so_splice] 100116 D - 0xfffffe005858fd00 [thr_0] 100215 D - 0xfffffe005858fd40 [thr_1] 854 1 763 0 R syz-executor 848 1 765 0 R syz-executor 847 1 765 0 R syz-executor 845 1 765 0 RV syz-executor 844 0 0 0 DL (threaded) [KTLS] 100179 D - 0xfffffe0053e15a00 [thr_0] 100180 D - 0xfffffe0053e15a80 [thr_1] 100181 D - 0xffffffff83cbd628 [reclaim_0] 835 0 0 0 DL aiordy 0xfffffe005412aab8 [aiod4] 834 0 0 0 DL aiordy 0xfffffe0054108558 [aiod3] 833 0 0 0 DL aiordy 0xfffffe0054108ab0 [aiod2] 832 0 0 0 DL aiordy 0xfffffe0054109008 [aiod1] 828 1 764 0 R syz-executor 827 1 763 0 R syz-executor 826 1 763 0 R syz-executor 820 1 763 0 RV syz-executor 764 762 764 0 R syz-executor 763 762 763 0 R syz-executor 762 1 760 0 RE syz-executor 16 0 0 0 DL syncer 0xffffffff83cc9820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe0054002558 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cc7d60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 
0xfffffe0058278ce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d12cc0 [vmdaemon] 8 0 0 0 RL (threaded) [pagedaemon] 100077 RunQ [dom0] 100080 D launds 0xffffffff83cf8d94 [laundry: dom0] 100081 D umarcl 0xffffffff81e11ab0 [uma] 7 0 0 0 RL [rand_harvestq] 6 0 0 0 RL [pf purge] 5 0 0 0 DL waiting 0xffffffff848ed700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100045 RunQ [doneq0] 100046 D - 0xffffffff838ee2c0 [async] 100075 D - 0xffffffff838ee140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cf4660 [crypto] 100043 D crypto_ 0xfffffe0053ee4d30 [crypto returns 0] 100044 D crypto_ 0xfffffe0053ee4d80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b54640 [g_event] 100038 D - 0xffffffff83b54660 [g_up] 100039 D - 0xffffffff83b54680 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 Run CPU 1 [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 RLs [init] 10 0 0 0 DL audit_w 0xffffffff83cf5100 [audit] 0 0 0 0 RLs (threaded) [kernel] 100000 D parked 0xffffffff84c49ff0 [swapper] 100005 RunQ [softirq_0] 100006 D - 0xfffffe0053ea0000 [softirq_1] 100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0] 100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1] 100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0] 100010 D - 0xfffffe000776ab00 [kqueue_ctx taskq] 100011 D - 0xfffffe000776aa00 [jail_remove taskq] 100012 D - 
0xfffffe000776a900 [bus taskq] 100015 D - 0xfffffe000776a600 [thread taskq] 100017 D - 0xfffffe000776a400 [aiod_kick taskq] 100018 D - 0xfffffe000776a300 [deferred_unmount ta] 100019 D - 0xfffffe000776a200 [inm_free taskq] 100020 D - 0xfffffe000776a100 [in6m_free taskq] 100021 D - 0xfffffe000776a000 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007769e00 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007769e00 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007769e00 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007769e00 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007769d00 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007769d00 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007769d00 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007769d00 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007769b00 [firmware taskq] 100040 D - 0xfffffe0007769a00 [crypto_0] 100041 D - 0xfffffe0007769a00 [crypto_1] 100056 D - 0xfffffe0057de6e00 [vtnet0 rxq 0] 100057 D - 0xfffffe0057de6d00 [vtnet0 txq 0] 100058 D - 0xfffffe0057de6c00 [vtnet0 rxq 1] 100059 D - 0xfffffe0057de6b00 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057de0380 [virtio_balloon] 100065 D - 0xffffffff8280a101 [deadlkres] 100069 D - 0xfffffe00593fd500 [acpi_task_0] 100070 D - 0xfffffe00593fd500 [acpi_task_1] 100071 D - 0xfffffe00593fd500 [acpi_task_2] 100073 D - 0xfffffe000776ac00 [mca taskq] 100074 D - 0xfffffe0007769800 [CAM taskq] 100076 D - 0xfffffe000776c600 [ipsec_offload] 100257 D - 0xfffffe006b6cb100 [system_taskq_0] 100258 D - 0xfffffe006b6cb100 [system_taskq_1] 100259 D - 0xfffffe006b6cb500 [system_delay_taskq_] 100260 D - 0xfffffe006b6cb500 [system_delay_taskq_] 100261 D - 0xfffffe006b6cb200 [zvol_tq-0_0] 100262 D - 0xfffffe006b6cb200 [zvol_tq-0_1] 100263 D - 0xfffffe006b6cb200 [zvol_tq-0_2] 100264 D - 0xfffffe006b6cb200 [zvol_tq-0_3] 100265 D - 0xfffffe006b6cb200 [zvol_tq-0_4] 100266 D - 0xfffffe006b6cb200 [zvol_tq-0_5] 100267 D - 0xfffffe006b6cb200 [zvol_tq-0_6] 100268 D - 0xfffffe006b6cb200 [zvol_tq-0_7] 100269 D - 0xfffffe006b6cb200 [zvol_tq-0_8] 100270 D 
- 0xfffffe006b6cb200 [zvol_tq-0_9] 100271 D - 0xfffffe006b6cb200 [zvol_tq-0_10] 100272 D - 0xfffffe006b6cb200 [zvol_tq-0_11] 100273 D - 0xfffffe006b6cb200 [zvol_tq-0_12] 100274 D - 0xfffffe006b6cb200 [zvol_tq-0_13] 100275 D - 0xfffffe006b6cb200 [zvol_tq-0_14] 100276 D - 0xfffffe006b6cb200 [zvol_tq-0_15] 100277 D - 0xfffffe006b6cb200 [zvol_tq-0_16] 100278 D - 0xfffffe006b6cb200 [zvol_tq-0_17] 100279 D - 0xfffffe006b6cb200 [zvol_tq-0_18] 100280 D - 0xfffffe006b6cb200 [zvol_tq-0_19] 100281 D - 0xfffffe006b6cb200 [zvol_tq-0_20] 100282 D - 0xfffffe006b6cb200 [zvol_tq-0_21] 100283 D - 0xfffffe006b6cb200 [zvol_tq-0_22] 100284 D - 0xfffffe006b6cb200 [zvol_tq-0_23] 100285 D - 0xfffffe006b6cb200 [zvol_tq-0_24] 100286 D - 0xfffffe006b6cb200 [zvol_tq-0_25] 100287 D - 0xfffffe006b6cb200 [zvol_tq-0_26] 100288 D - 0xfffffe006b6cb200 [zvol_tq-0_27] 100289 D - 0xfffffe006b6cb200 [zvol_tq-0_28] 100290 D - 0xfffffe006b6cb200 [zvol_tq-0_29] 100291 D - 0xfffffe006b6cb200 [zvol_tq-0_30] 100292 D - 0xfffffe006b6cb200 [zvol_tq-0_31] 100293 D - 0xfffffe006b6cb300 [arc_prune] 100294 D - 0xfffffe006b6cb000 [arc_flush_0] 100295 D - 0xfffffe006b6cb000 [arc_flush_1] 100307 D - 0xfffffe006b6c9000 [dbu_evict] 100321 D - 0xfffffe00593fc700 [z_vdev_file_0] 100322 D - 0xfffffe00593fc700 [z_vdev_file_1] 100323 D - 0xfffffe00593fc700 [z_vdev_file_2] 100324 D - 0xfffffe00593fc700 [z_vdev_file_3] 100325 D - 0xfffffe00593fc700 [z_vdev_file_4] 100326 D - 0xfffffe00593fc700 [z_vdev_file_5] 100327 D - 0xfffffe00593fc700 [z_vdev_file_6] 100328 D - 0xfffffe00593fc700 [z_vdev_file_7] 100329 D - 0xfffffe00593fc700 [z_vdev_file_8] 100330 D - 0xfffffe00593fc700 [z_vdev_file_9] 100331 D - 0xfffffe00593fc700 [z_vdev_file_10] 100332 D - 0xfffffe00593fc700 [z_vdev_file_11] 100333 D - 0xfffffe00593fc700 [z_vdev_file_12] 100334 D - 0xfffffe00593fc700 [z_vdev_file_13] 100335 D - 0xfffffe00593fc700 [z_vdev_file_14] 100336 D - 0xfffffe00593fc700 [z_vdev_file_15] 100352 D - 0xfffffe00593fb800 [zfsvfs] 100786 D - 
0xfffffe00593fad00 [netlink_socket (PID] 1031 1 760 0 Z syz-executor 1045 1 1025 -1 Z syz-executor 1084 1 766 0 Z syz-executor 1090 1 763 0 Z syz-executor 1094 1 764 0 Z syz-executor 1098 1 763 0 Z syz-executor 1099 1 1099 0 Z syz-executor 1110 1 1102 0 Z syz-executor 1111 1 1102 0 Z syz-executor 1113 1 1102 0 Z syz-executor 1142 1 1142 0 Z+ getty 1143 1 1025 0 Z syz-executor 1144 1 1144 0 Z+ getty 1147 1 763 0 Z