login: panic: Memory modified after free 0xfffff800109f1e00(112) val=1adc0de @ 0xfffff800109f1e64 cpuid = 0 time = 1593248769 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025a68470 vpanic() at vpanic+0x1c7/frame 0xfffffe0025a684d0 panic() at panic+0x43/frame 0xfffffe0025a68530 trash_ctor() at trash_ctor+0xa8/frame 0xfffffe0025a68570 item_ctor() at item_ctor+0x1d1/frame 0xfffffe0025a685d0 sctp_lower_sosend() at sctp_lower_sosend+0x4840/frame 0xfffffe0025a687b0 sctp_sosend() at sctp_sosend+0x501/frame 0xfffffe0025a688e0 sosend() at sosend+0xc6/frame 0xfffffe0025a68950 kern_sendit() at kern_sendit+0x33d/frame 0xfffffe0025a68a00 sendit() at sendit+0x224/frame 0xfffffe0025a68a60 sys_sendmsg() at sys_sendmsg+0x8b/frame 0xfffffe0025a68ac0 amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0025a68bf0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0025a68bf0 --- syscall (198, FreeBSD ELF64, nosys), rip = 0x28288a, rsp = 0x7fffdffdcf08, rbp = 0x7fffdffdcf70 --- KDB: enter: panic [ thread pid 2235 tid 100949 ] Stopped at kdb_enter+0x67: movq $0,0x14a4276(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0x80 ll+0x5f rdx 0xffffffff81903d20 rbx 0 rsp 0xfffffe0025a68450 rbp 0xfffffe0025a68470 rsi 0x1 rdi 0 r8 0 r9 0xffffffff r10 0xb631d7b8 r11 0x7bacee6a r12 0xffffffff82068f70 ddb_dbbe r13 0 r14 0xffffffff819a839c r15 0xffffffff819a839c rip 0xffffffff810b59b7 kdb_enter+0x67 rflags 0x82 ll+0x61 kdb_enter+0x67: movq $0,0x14a4276(%rip) db> show proc Process 2235 (syz-executor.0) at 0xfffff80010a1d000: state: NORMAL uid: 0 gids: 0, 0, 5 parent: pid 775 at 0xfffff80010523a40 ABI: FreeBSD ELF64 arguments: /root/syz-executor.0 reaper: 0xfffff80003310000 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00257ad9e8 (map 0xfffffe00257ad9e8) (map.pmap 0xfffffe00257adaa8) (pmap 0xfffffe00257adb08) threads: 3 100648 RunQ syz-executor.0 100948 Run CPU 1 syz-executor.0 100949 Run CPU 0 syz-executor.0 db> ps pid ppid pgrp uid state wmesg wchan cmd 2235 775 775 0 R (threaded) syz-executor.0 100648 RunQ syz-executor.0 100948 Run CPU 1 syz-executor.0 100949 Run CPU 0 syz-executor.0 809 799 809 0 Ss select 0xfffff80003c4eac0 dhclient 804 1 804 0 Ss select 0xfffff80003e1dec0 dhclient 799 790 424 65 S select 0xfffff80003e1dd40 dhclient 790 424 424 0 S wait 0xfffff80010523520 sh 775 773 775 0 Ss nanslp 0xffffffff8252f240 syz-executor.0 773 771 771 0 S (threaded) syz-execprog 100078 S uwait 0xfffff800037efa80 syz-execprog 100106 S uwait 0xfffff80003a40d00 syz-execprog 100107 S uwait 0xfffff80003317f00 syz-execprog 100108 S uwait 0xfffff800037ec180 syz-execprog 100109 S uwait 0xfffff80003317b80 syz-execprog 100110 S uwait 0xfffff800037ec480 syz-execprog 100111 S uwait 0xfffff80003317c80 syz-execprog 100112 S kqread 0xfffff80003de6c00 syz-execprog 100114 S uwait 0xfffff800037ec680 syz-execprog 771 769 771 0 Ss pause 0xfffff8001051e0a8 csh 769 682 769 0 Ss select 0xfffff80003e1df40 sshd 748 1 748 0 Ss+ ttyin 0xfffff80003806cb0 getty 747 1 747 0 Ss+ ttyin 0xfffff800