panic: sctp_inpcb_free: inp 0xfffffe009b445108 still has socket
cpuid = 0
time = 1645976940
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe009a4842d0
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe009a484430
vpanic() at vpanic+0x2b8/frame 0xfffffe009a484510
panic() at panic+0xb5/frame 0xfffffe009a4845e0
sctp_inpcb_free() at sctp_inpcb_free+0x1fe3/frame 0xfffffe009a484670
sctp6_abort() at sctp6_abort+0x175/frame 0xfffffe009a484750
soabort() at soabort+0xce/frame 0xfffffe009a484770
soclose() at soclose+0x7a3/frame 0xfffffe009a484880
_fdrop() at _fdrop+0x58/frame 0xfffffe009a4848b0
closef() at closef+0x689/frame 0xfffffe009a484a90
fdescfree() at fdescfree+0xaa7/frame 0xfffffe009a484c80
exit1() at exit1+0x8bf/frame 0xfffffe009a484d10
sys_exit() at sys_exit+0x28/frame 0xfffffe009a484d30
ia32_syscall() at ia32_syscall+0x419/frame 0xfffffe009a484f30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xffffd5e0
KDB: enter: panic
[ thread pid 64278 tid 167602 ]
Stopped at kdb_enter+0x6b: movq $0,0x27085ca(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xd5e1483404fd5704
rdx 0x1
rbx 0
rsp 0xfffffe009a484410
rbp 0xfffffe009a484430
rsi 0
rdi 0xffffffff817759ca vprintf+0x35a
r8 0
r9 0xffffffff
r10 0
r11 0xfffffe009b0e0fd0
r12 0xfffffe009b0e0ac0
r13 0xfffffe009a484401
r14 0xffffffff82ba6920 .str.26
r15 0xffffffff82ba6920 .str.26
rip 0xffffffff81768f4b kdb_enter+0x6b
rflags 0x200046 kernload+0x46
kdb_enter+0x6b: movq $0,0x27085ca(%rip)
db> show proc
Process 64278 (syz-executor.0) at 0xfffffe009b501548:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 779 at 0xfffffe0058c22000
ABI: FreeBSD ELF32
flag: 0x10002000 flag2: 0
arguments: /root/syz-executor.0 exec
reaper: 0xfffffe0053dda000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe009bb5a3f0
(map 0xfffffe009bb5a3f0)
(map.pmap 0xfffffe009bb5a4b0)
(pmap 0xfffffe009bb5a518)
threads: 1
167602 Run CPU
0 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 64279 780 780 0 R (threaded) syz-executor.1 166373 RunQ syz-executor.1 175026 RunQ syz-executor.1 64278 779 779 0 RE CPU 0 syz-executor.0 64277 796 796 0 R (threaded) syz-executor.2 167595 RunQ syz-executor.2 175027 S uwait 0xfffffe009ab6fd80 syz-executor.2 64276 782 782 0 RE syz-executor.3 63267 1 796 0 SV uwait 0xfffffe0057876500 syz-executor.2 63086 1 782 0 S uwait 0xfffffe008fea3d80 syz-executor.3 62586 1 796 0 S uwait 0xfffffe009ab6f780 syz-executor.2 55952 1 796 0 S uwait 0xfffffe008fea3b80 syz-executor.2 55948 1 779 0 S umtxn 0xfffffe009965ac80 syz-executor.0 55938 1 780 0 S uwait 0xfffffe0099659880 syz-executor.1 49725 1 796 0 S uwait 0xfffffe009ab6fa80 syz-executor.2 49356 1 780 0 SV uwait 0xfffffe008fea3200 syz-executor.1 49194 1 780 0 SV uwait 0xfffffe0099659380 syz-executor.1 47943 1 780 0 S uwait 0xfffffe0057877880 syz-executor.1 46779 1 796 0 S uwait 0xfffffe008fea3a80 syz-executor.2 46430 1 780 0 S uwait 0xfffffe0057879b80 syz-executor.1 46429 1 780 0 S uwait 0xfffffe009ab70580 syz-executor.1 46427 1 780 0 S uwait 0xfffffe0099659580 syz-executor.1 46421 1 780 0 S uwait 0xfffffe0057876600 syz-executor.1 46224 1 780 0 S uwait 0xfffffe0057879880 syz-executor.1 46223 1 779 0 S uwait 0xfffffe0099659b80 syz-executor.0 46218 1 780 0 S uwait 0xfffffe0057879680 syz-executor.1 46215 1 780 0 S uwait 0xfffffe008fea3000 syz-executor.1 46213 1 779 0 S uwait 0xfffffe0099659480 syz-executor.0 46209 1 779 0 S uwait 0xfffffe0099659980 syz-executor.0 45755 1 45753 0 S uwait 0xfffffe0099659a80 syz-executor.0 45751 1 45747 0 S uwait 0xfffffe0057879d80 syz-executor.0 45749 1 779 0 S uwait 0xfffffe008fea3980 syz-executor.0 45744 1 779 0 S uwait 0xfffffe008fea3100 syz-executor.0 29108 1 782 0 S umtxn 0xfffffe0099659c80 syz-executor.3 29093 1 779 0 S uwait 0xfffffe008fea3700 syz-executor.0 29085 1 779 0 S uwait 0xfffffe009965a180 syz-executor.0 29075 1 779 0 S uwait 0xfffffe008fea5c80 syz-executor.0 29054 1 796 
0 S umtxn 0xfffffe008fea4500 syz-executor.2 29047 1 779 0 S uwait 0xfffffe0099658e00 syz-executor.0 29037 1 779 0 S uwait 0xfffffe0099659780 syz-executor.0 29028 1 779 0 S uwait 0xfffffe009ab70680 syz-executor.0 29017 1 779 0 S uwait 0xfffffe008fea3800 syz-executor.0 23624 1 779 0 SV uwait 0xfffffe0057443b00 syz-executor.0 19879 1 796 0 SV uwait 0xfffffe0057876300 syz-executor.2 19877 1 796 0 SV aiowc 0xfffffe009a983e18 syz-executor.2 19544 0 0 0 DL - 0xffffffff83f5e8c0 [soaiod4] 19543 0 0 0 DL - 0xffffffff83f5e8c0 [soaiod3] 19542 0 0 0 DL - 0xffffffff83f5e8c0 [soaiod2] 19541 0 0 0 DL - 0xffffffff83f5e8c0 [soaiod1] 18176 1 780 0 SV aiowc 0xfffffe009a9a48d0 syz-executor.1 16743 1 780 0 S uwait 0xfffffe009965a980 syz-executor.1 16737 1 780 0 S uwait 0xfffffe009965aa80 syz-executor.1 16733 1 780 0 S uwait 0xfffffe008fea3500 syz-executor.1 16716 1 780 0 S uwait 0xfffffe009965a400 syz-executor.1 16710 1 780 0 S uwait 0xfffffe008fea3400 syz-executor.1 16705 1 780 0 S uwait 0xfffffe008fea4300 syz-executor.1 16700 1 780 0 S uwait 0xfffffe008fea4200 syz-executor.1 16696 1 780 0 S uwait 0xfffffe009965ab80 syz-executor.1 16690 1 780 0 S uwait 0xfffffe0057876100 syz-executor.1 16685 1 780 0 S uwait 0xfffffe0057446680 syz-executor.1 16680 1 780 0 S uwait 0xfffffe008fea5780 syz-executor.1 16674 1 780 0 S uwait 0xfffffe0057443800 syz-executor.1 16669 1 780 0 S uwait 0xfffffe008fea5380 syz-executor.1 16664 1 780 0 S uwait 0xfffffe008fea4000 syz-executor.1 16657 1 780 0 S uwait 0xfffffe0057876c00 syz-executor.1 16649 1 796 0 S uwait 0xfffffe008fea3e80 syz-executor.2 16648 1 780 0 S uwait 0xfffffe0057446a80 syz-executor.1 16641 1 780 0 S umtxn 0xfffffe008fea4100 syz-executor.1 16636 1 796 0 S uwait 0xfffffe0057444200 syz-executor.2 16634 1 780 0 S uwait 0xfffffe0057876b00 syz-executor.1 16626 1 796 0 S uwait 0xfffffe0057877c00 syz-executor.2 16623 1 796 0 S uwait 0xfffffe0057877780 syz-executor.2 16622 1 780 0 S uwait 0xfffffe0056f48680 syz-executor.1 16612 1 780 0 S uwait 
0xfffffe0057876a00 syz-executor.1 16606 1 780 0 S uwait 0xfffffe008fea4400 syz-executor.1 16602 1 780 0 S uwait 0xfffffe0057878500 syz-executor.1 16596 1 780 0 S uwait 0xfffffe0057446780 syz-executor.1 16588 1 780 0 S uwait 0xfffffe0057877680 syz-executor.1 16580 1 780 0 S uwait 0xfffffe0057444100 syz-executor.1 16564 1 796 0 S umtxn 0xfffffe0057876400 syz-executor.2 16558 1 796 0 S uwait 0xfffffe0057876200 syz-executor.2 16551 1 796 0 S uwait 0xfffffe009965a780 syz-executor.2 16540 1 796 0 S uwait 0xfffffe0057446980 syz-executor.2 16535 1 780 0 S umtxn 0xfffffe009965ad80 syz-executor.1 16527 1 780 0 S uwait 0xfffffe009965a880 syz-executor.1 16519 1 780 0 S uwait 0xfffffe0057446880 syz-executor.1 16512 1 780 0 S uwait 0xfffffe0057446b80 syz-executor.1 8146 1 8146 65 Ss select 0xfffffe0099659e40 dhclient 7204 1 7204 0 Ss select 0xfffffe009965a3c0 dhclient 7196 1 7196 0 Ss select 0xfffffe00578773c0 dhclient 7155 1 7155 65 Ss select 0xfffffe009965a140 dhclient 5520 1 5520 0 Ss select 0xfffffe008fea45c0 dhclient 5517 1 5517 0 Ss select 0xfffffe009965a340 dhclient 5490 1 5490 65 Ss select 0xfffffe009965a240 dhclient 4100 1 4100 0 Ss select 0xfffffe009965a040 dhclient 4091 1 4091 0 Ss select 0xfffffe009965a0c0 dhclient 4044 1 4044 65 Ss select 0xfffffe009965b640 dhclient 1219 1 1219 0 Ss select 0xfffffe009965b540 dhclient 1216 1 1216 0 Ss select 0xfffffe009965b040 dhclient 1172 0 0 0 DL aiordy 0xfffffe0058b0e000 [aiod4] 1171 0 0 0 DL aiordy 0xfffffe0099664000 [aiod3] 1170 0 0 0 DL aiordy 0xfffffe0099663a90 [aiod2] 1169 0 0 0 DL aiordy 0xfffffe0056f79000 [aiod1] 796 774 796 0 Rs syz-executor.2 782 774 782 0 Ss nanslp 0xffffffff83e3ec00 syz-executor.3 780 774 780 0 Ss nanslp 0xffffffff83e3ec00 syz-executor.1 779 774 779 0 Rs syz-executor.0 774 772 772 0 S (threaded) syz-fuzzer 100094 S uwait 0xfffffe0057443a00 syz-fuzzer 100117 S uwait 0xfffffe0056f48980 syz-fuzzer 100118 S uwait 0xfffffe0056f48a80 syz-fuzzer 100119 S uwait 0xfffffe0056f48b80 syz-fuzzer 100120 S uwait 
0xfffffe008fea5a80 syz-fuzzer 100121 S kqread 0xfffffe008fe03300 syz-fuzzer 100122 S uwait 0xfffffe008fea5b80 syz-fuzzer 100123 S uwait 0xfffffe0056f48d80 syz-fuzzer 100124 S uwait 0xfffffe0056f48e80 syz-fuzzer 772 770 772 0 Ss pause 0xfffffe0056f7ab40 csh 770 688 770 0 Ss select 0xfffffe008fea50c0 sshd 754 1 754 0 Ss+ ttyin 0xfffffe0057466cb0 getty 753 1 753 0 Ss+ ttyin 0xfffffe0057465cb0 getty 752 1 752 0 Ss+ ttyin 0xfffffe0057a5dcb0 getty 751 1 751 0 Ss+ ttyin 0xfffffe0057a5e0b0 getty 750 1 750 0 Ss+ ttyin 0xfffffe0057a5e4b0 getty 749 1 749 0 Ss+ ttyin 0xfffffe0057a5e8b0 getty 748 1 748 0 Ss+ ttyin 0xfffffe0057a5ecb0 getty 747 1 747 0 Ss+ ttyin 0xfffffe0057a5f0b0 getty 746 1 746 0 Ss+ ttyin 0xfffffe0057a5f4b0 getty 692 1 692 0 Ss nanslp 0xffffffff83e3ec00 cron 688 1 688 0 Ss select 0xfffffe008fea5dc0 sshd 501 1 501 0 Ss select 0xfffffe0057443bc0 syslogd 430 1 430 0 Ss select 0xfffffe008fea5ec0 devd 429 1 429 65 Ss select 0xfffffe0057877b40 dhclient 344 1 344 0 Ss select 0xfffffe0057443cc0 dhclient 341 1 341 0 Ss select 0xfffffe0057443c40 dhclient 17 0 0 0 DL syncer 0xffffffff83f643e0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0056f7ba90 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83f629e0 [bufdaemon] 100083 D - 0xffffffff83211f80 [bufspacedaemon-0] 100095 D sdflush 0xfffffe00574658e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83f96440 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83f8a2f8 [dom0] 100081 D launds 0xffffffff83f8a304 [laundry: dom0] 100082 D umarcl 0xffffffff81e9eaa0 [uma] 7 0 0 0 DL - 0xffffffff83bfaa08 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff84819530 [pf purge] 5 0 0 0 DL waiting 0xffffffff84b1e5a0 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff83a9c940 [doneq0] 100046 D - 0xffffffff83a9c8c0 [async] 100077 D - 0xffffffff83a9c740 [scanner] 14 0 0 0 DL seqstat 0xfffffe0053fbb488 [sequencer 00] 3 0 0 0 DL (threaded) [crypto] 100041 D crypto_ 0xffffffff83f85b20 [crypto] 100042 D crypto_ 
0xfffffe0053c8ad30 [crypto returns 0] 100043 D crypto_ 0xfffffe0053c8ad80 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100036 D - 0xffffffff83e141c0 [g_event] 100037 D - 0xffffffff83e141e0 [g_up] 100038 D - 0xffffffff83e14200 [g_down] 2 0 0 0 WL (threaded) [clock] 100030 I [clock (0)] 100031 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100010 I [swi6: task queue] 100011 I [swi6: Giant taskq] 100018 I [swi5: fast taskq] 100029 Run CPU 1 [swi1: netisr 0] 100032 I [swi3: busdma] 100033 I [swi1: hpts] 100034 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq33: virtio_pci2] 100061 I [irq34: virtio_pci2] 100062 I [irq35: virtio_pci2] 100064 I [irq1: atkbd0] 100065 I [irq12: psm0] 100066 I [swi0: uart uart++] 100070 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0053dda000 [init] 10 0 0 0 DL audit_w 0xffffffff83f86620 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D swapin 0xffffffff83e14c00 [swapper] 100005 D - 0xfffffe0053e01000 [if_config_tqg_0] 100006 D - 0xfffffe0053e00e00 [softirq_0] 100007 D - 0xfffffe0053e00d00 [softirq_1] 100008 D - 0xfffffe0053e00c00 [if_io_tqg_0] 100009 D - 0xfffffe0053e00b00 [if_io_tqg_1] 100012 D - 0xfffffe000796d200 [aiod_kick taskq] 100013 D - 0xfffffe000796d000 [inm_free taskq] 100014 D - 0xfffffe000796cd00 [linuxkpi_irq_wq] 100015 D - 0xfffffe000796cb00 [in6m_free taskq] 100016 D - 0xfffffe000796c900 [deferred_unmount ta] 100017 D - 0xfffffe000796c700 [thread taskq] 100019 D - 0xfffffe000796c300 [kqueue_ctx taskq] 100020 D - 0xfffffe000796c100 [pci_hp taskq] 100021 D - 0xfffffe000796be00 [linuxkpi_short_wq_0] 100022 D - 0xfffffe000796be00 [linuxkpi_short_wq_1] 100023 D - 0xfffffe000796be00 [linuxkpi_short_wq_2] 
100024 D - 0xfffffe000796be00 [linuxkpi_short_wq_3] 100025 D - 0xfffffe000796b900 [linuxkpi_long_wq_0] 100026 D - 0xfffffe000796b900 [linuxkpi_long_wq_1] 100027 D - 0xfffffe000796b900 [linuxkpi_long_wq_2] 100028 D - 0xfffffe000796b900 [linuxkpi_long_wq_3] 100035 D - 0xfffffe0053ed0200 [firmware taskq] 100039 D - 0xfffffe0053ecfc00 [crypto_0] 100040 D - 0xfffffe0053ecfc00 [crypto_1] 100056 D - 0xfffffe0053eced00 [vtnet0 rxq 0] 100057 D - 0xfffffe0053ecec00 [vtnet0 txq 0] 100058 D - 0xfffffe0053eceb00 [vtnet0 rxq 1] 100059 D - 0xfffffe0053ecea00 [vtnet0 txq 1] 100063 D vtbslp 0xfffffe0053fdc400 [virtio_balloon] 100067 D - 0xffffffff82bac7a1 [deadlkres] 100071 D - 0xfffffe000796e200 [mca taskq] 100072 D - 0xfffffe005787d000 [acpi_task_0] 100073 D - 0