login: panic: ASan: Invalid access, 8-byte write at 0xfffffe0074e24880, UMAUseAfterFree(fd) cpuid = 1 time = 1731035771 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056e2e790 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056e2e8f0 vpanic() at vpanic+0x257/frame 0xfffffe0056e2eab0 panic() at panic+0xb5/frame 0xfffffe0056e2eb70 kasan_report() at kasan_report+0xdf/frame 0xfffffe0056e2ec40 kasan_atomic_fcmpset_acq_ptr() at kasan_atomic_fcmpset_acq_ptr+0x330/frame 0xfffffe0056e2ec70 __mtx_lock_flags() at __mtx_lock_flags+0x1b8/frame 0xfffffe0056e2ed50 sctp_sendall_completes() at sctp_sendall_completes+0x41/frame 0xfffffe0056e2ed70 sctp_iterator_worker() at sctp_iterator_worker+0x1022/frame 0xfffffe0056e2eed0 sctp_iterator_thread() at sctp_iterator_thread+0x5e/frame 0xfffffe0056e2eef0 fork_exit() at fork_exit+0xcc/frame 0xfffffe0056e2ef30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0056e2ef30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic [ thread pid 5 tid 100066 ] Stopped at kdb_enter+0x6e: movq $0,0x23ebdc7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xffffffff815d042e _vprintf+0x1ae rdx 0 rbx 0xffffffff82728580 .str.27 rsp 0xfffffe0056e2e8d0 rbp 0xfffffe0056e2e8f0 rsi 0 rdi 0xffffffff815d0969 printf+0x149 r8 0 r9 0xffffffff r10 0x1 r11 0x17 r12 0xfffffe0007bde000 r13 0xfffffffffffffffd r14 0xffffffff82728580 .str.27 r15 0 rip 0xffffffff815ba24e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x23ebdc7(%rip) db> show proc Process 5 (sctp_iterator) at 0xfffffe0007be1560: state: NORMAL uid: 0 gids: 0 parent: pid 0 at 0xffffffff83930760 ABI: null flag: 0x10000204 flag2: 0 reaper: 0xffffffff83930760 reapsubtree: 5 sigparent: 20 vmspace: 0xffffffff83931700 (map 0xffffffff83931700) (map.pmap 0xffffffff839317c0) (pmap 0xffffffff83931830) threads: 1 100066 Run CPU 1 [sctp_iterator] db> ps pid ppid pgrp uid state wmesg wchan cmd 895 766 766 0 R (threaded) syz-executor 100120 RunQ syz-executor 100206 RunQ syz-executor 894 764 764 0 R (threaded) syz-executor 100111 RunQ syz-executor 100203 D biowr 0xfffffe0007efa200 syz-executor 100205 S connec 0xfffffe006b91d0da syz-executor 893 1 893 0 Ss+ ttyin 0xfffffe00587df8b0 getty 892 1 892 0 Ss+ ttyin 0xfffffe00587e08b0 getty 891 1 891 0 Ss+ ttyin 0xfffffe00587e04b0 getty 890 1 890 0 Ss+ ttyin 0xfffffe00587e00b0 getty 889 1 889 0 Ss+ ttyin 0xfffffe00587dfcb0 getty 888 1 888 0 Ss+ ttyin 0xfffffe00587df4b0 getty 887 1 887 0 Ss+ ttyin 0xfffffe00587df0b0 getty 886 1 886 0 Ss+ ttyin 0xfffffe00587decb0 getty 885 1 885 0 Ss+ ttyin 0xfffffe00584b0cb0 getty 884 767 767 0 R (threaded) syz-executor 100197 RunQ syz-executor 100201 L *umtxql 0xfffffe0007bda240 syz-executor 100202 S uwait 0xfffffe0074f0aa00 syz-executor 882 765 765 0 RE syz-executor 879 1 767 0 S uwait 0xfffffe0059929d00 syz-executor 871 1 765 0 S uwait 0xfffffe0059929000 syz-executor 870 1 765 0 S uwait 0xfffffe005992ce80 syz-executor 856 1 765 0 S uwait 0xfffffe00598d2b80 syz-executor 840 1 764 0 S uwait 0xfffffe006ddd5100 syz-executor 826 0 0 0 DL - 0xffffffff83a97200 [soaiod4] 825 0 0 0 DL - 0xffffffff83a97200 [soaiod3] 824 0 0 0 DL - 0xffffffff83a97200 [soaiod2] 823 0 0 0 DL - 0xffffffff83a97200 [soaiod1] 822 0 0 0 DL aiordy 0xfffffe005b6a7b00 [aiod4] 821 0 0 0 DL aiordy 0xfffffe005b6c4ae0 [aiod3] 820 0 0 0 DL aiordy 0xfffffe005b6d7040 [aiod2] 819 0 0 0 DL aiordy 0xfffffe005b6d75a0 [aiod1] 809 1 764 0 S uwait 0xfffffe005992cd80 syz-executor 802 1 764 0 S uwait 0xfffffe0059929e00 syz-executor 767 763 767 0 R syz-executor 766 763 766 0 R syz-executor 765 763 765 0 S nanslp 0xffffffff839873c1 syz-executor 764 763 764 0 R syz-executor 763 1 761 0 S select 0xfffffe005992ca40 syz-executor 17 0 0 0 DL syncer 0xffffffff83aa4be0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0007a27060 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83aa31c0 [bufdaemon] 100082 D - 0xffffffff82e02140 [bufspacedaemon-0] 100092 D sdflush 0xfffffe00543ec8e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83aee8a0 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83ad4838 [dom0] 100080 D launds 0xffffffff83ad4844 [laundry: dom0] 100081 D umarcl 0xffffffff81d6b9a0 [uma] 7 0 0 0 DL - 0xffffffff83704bb0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff841a39d0 [pf purge] 5 0 0 0 RL CPU 1 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff836cf340 [doneq0] 100046 D - 0xffffffff836cf2c0 [async] 100075 D - 0xffffffff836cf140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83ad0020 [crypto] 100043 D crypto_ 0xfffffe0057f7a030 [crypto returns 0] 100044 D crypto_ 0xfffffe0057f7a080 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe00543fbc88 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100036 D - 0xffffffff8392fd80 [g_event] 100037 D - 0xffffffff8392fda0 [g_up] 100038 D - 0xffffffff8392fdc0 [g_down] 2 0 0 0 RL (threaded) [clock] 100030 Run CPU 0 [clock (0)] 100031 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100012 I [swi6: task queue] 100013 I [swi6: Giant taskq] 100015 I [swi5: fast taskq] 100032 I [swi1: netisr 0] 100033 I [swi1: hpts] 100034 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007a07040 [init] 10 0 0 0 DL audit_w 0xffffffff83ad0a80 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c1eff0 [swapper] 100005 D - 0xfffffe00085fed00 [softirq_0] 100006 D - 0xfffffe00085fec00 [softirq_1] 100007 D - 0xfffffe00085feb00 [if_io_tqg_0] 100008 D - 0xfffffe00085fea00 [if_io_tqg_1] 100009 D - 0xfffffe00085fe900 [if_config_tqg_0] 100010 D - 0xfffffe00085fe800 [pci_hp taskq] 100011 D - 0xfffffe00085fe700 [kqueue_ctx taskq] 100014 D - 0xfffffe00085fe400 [thread taskq] 100016 D - 0xfffffe00085fe200 [aiod_kick taskq] 100017 D - 0xfffffe00085fe100 [deferred_unmount ta] 100018 D - 0xfffffe00085fe000 [inm_free taskq] 100019 D - 0xfffffe00085fde00 [in6m_free taskq] 100020 D - 0xfffffe00085fdd00 [linuxkpi_irq_wq] 100021 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_0] 100022 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_1] 100023 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_2] 100024 D - 0xfffffe00085fdc00 [linuxkpi_short_wq_3] 100025 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_0] 100026 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_1] 100027 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_2] 100028 D - 0xfffffe00085fdb00 [linuxkpi_long_wq_3] 100035 D - 0xfffffe00085fda00 [firmware taskq] 100040 D - 0xfffffe00085fd700 [crypto_0] 100041 D - 0xfffffe00085fd700 [crypto_1] 100056 D - 0xfffffe00085fd500 [vtnet0 rxq 0] 100057 D - 0xfffffe00085fd400 [vtnet0 txq 0] 100058 D - 0xfffffe00085fd300 [vtnet0 rxq 1] 100059 D - 0xfffffe00085fd200 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe0057fa4080 [virtio_balloon] 100065 D - 0xffffffff8272d7c1 [deadlkres] 100069 D - 0xfffffe0058852000 [acpi_task_0] 100070 D - 0xfffffe0058852000 [acpi_task_1] 100071 D - 0xfffffe0058852000 [acpi_task_2] 100073 D - 0xfffffe00085ff100 [mca taskq] 100074 D - 0xfffffe00085fd600 [CAM taskq] 100076 D - 0xfffffe00085fd000 [ipsec_offload] db>