Autoloading module: intpm.ko
Starting background file system checks in 60 seconds.
Tue May 14 22:53
FreeBSD/amd64 (ci-freebsd-main-9.c.syzkaller.internal) (ttyu0)
Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
2019/05/14 22:53:51 parsed 1 programs
2019/05/14 22:53:51 executed programs: 0
login: interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
interface if_tuntap.1 already present in the KLD 'kernel'!
linker_load_file: /boot/kernel/if_tap.ko - unsupported file type
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex sctp-tcb (tcb) r = 0 (0xfffff80012a35928) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:13021
stack backtrace:
panic: Memory modified after free 0xfffff800049c2200(256) val=0 @ 0xfffff800049c2200
cpuid = 0
time = 1557874431
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0021299ff0
vpanic() at vpanic+0x1e0/frame 0xfffffe002129a050
panic() at panic+0x43/frame 0xfffffe002129a0b0
trash_ctor() at trash_ctor+0xaa/frame 0xfffffe002129a0f0
mb_ctor_mbuf() at mb_ctor_mbuf+0x30/frame 0xfffffe002129a130
uma_zalloc_arg() at uma_zalloc_arg+0x1036/frame 0xfffffe002129a1e0
m_getm2() at m_getm2+0x213/frame 0xfffffe002129a250
sctp_get_mbuf_for_msg() at sctp_get_mbuf_for_msg+0x4a/frame 0xfffffe002129a290
sctp_lowlevel_chunk_output() at sctp_lowlevel_chunk_output+0x164/frame 0xfffffe002129a3e0
sctp_send_abort_tcb() at sctp_send_abort_tcb+0x360/frame 0xfffffe002129a4c0
sctp_abort_an_association() at sctp_abort_an_association+0x38/frame 0xfffffe002129a500
sctp_lower_sosend() at sctp_lower_sosend+0x2b12/frame 0xfffffe002129a6d0
sctp_sosend() at sctp_sosend+0x510/frame 0xfffffe002129a800
sosend() at sosend+0xc6/frame 0xfffffe002129a870
soo_write() at soo_write+0x61/frame 0xfffffe002129a8b0
dofilewrite() at dofilewrite+0xfd/frame 0xfffffe002129a910
kern_writev() at kern_writev+0x66/frame 0xfffffe002129a950
sys_writev() at sys_writev+0x50/frame 0xfffffe002129a980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe002129aab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe002129aab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41309a, rsp = 0x7fffdffdcf38, rbp = 0x3 ---
KDB: enter: panic
[ thread pid 808 tid 100124 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why