syzbot


panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd) (2)

Status: fixed on 2022/04/19 22:30
Reported-by: syzbot+66ede232c3d1271c6226@syzkaller.appspotmail.com
Fix commit: a12d89332efe sctp: hold the inp lock while calling ip6_output
First crash: 294d, last: 292d
similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
freebsd panic: ASan: Invalid access, 8-byte read at ADDR, UMAUseAfterFree(fd) 88 576d 579d 0/2 auto-closed as invalid on 2021/09/07 18:42
freebsd panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd) C 515 296d 416d 2/2 fixed on 2022/04/16 01:19
freebsd panic: ASan: Invalid access, 4-byte read at ADDR, UMAUseAfterFree(fd) 300 549d 579d 0/2 auto-closed as invalid on 2021/10/04 10:41
freebsd panic: ASan: Invalid access, 2-byte read at ADDR, UMAUseAfterFree(fd) C 1103 416d 577d 2/2 fixed on 2021/12/17 02:33
freebsd panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd) (4) C 154 5h42m 232d 0/2 upstream: reported C repro on 2022/06/18 22:38
freebsd panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd) (3) C 58 237d 290d 0/2 closed as invalid on 2022/06/13 20:33

Sample crash report:
login: panic: ASan: Invalid access, 8-byte read at 0xfffffe0092e259f8, UMAUseAfterFree(fd)
cpuid = 0
time = 1650334550
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe00540b4890
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe00540b49f0
vpanic() at vpanic+0x2b8/frame 0xfffffe00540b4ad0
panic() at panic+0xb5/frame 0xfffffe00540b4ba0
kasan_report() at kasan_report+0xdc/frame 0xfffffe00540b4c70
__mtx_lock_flags() at __mtx_lock_flags+0x125/frame 0xfffffe00540b4d50
sctp_sendall_completes() at sctp_sendall_completes+0x41/frame 0xfffffe00540b4d70
sctp_iterator_worker() at sctp_iterator_worker+0xff4/frame 0xfffffe00540b4ed0
sctp_iterator_thread() at sctp_iterator_thread+0x5e/frame 0xfffffe00540b4ef0
fork_exit() at fork_exit+0xd0/frame 0xfffffe00540b4f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00540b4f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 5 tid 100068 ]
Stopped at      kdb_enter+0x6b: movq    $0,0x270585a(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xf89dca37841637d3
rdx         0xdffff7c000000000
rbx                          0
rsp         0xfffffe00540b49d0
rbp         0xfffffe00540b49f0
rsi                        0x1
rdi                          0
r8                         0x3
r9                  0xffffffff
r10                          0
r11         0xfffffe0053e84350
r12         0xfffffe0056fd7020
r13         0xfffffe00540b4a01
r14         0xffffffff82bc7440  .str.26
r15         0xffffffff82bc7440  .str.26
rip         0xffffffff81774b3b  kdb_enter+0x6b
rflags                    0x46
kdb_enter+0x6b: movq    $0,0x270585a(%rip)
db> show proc
Process 5 (sctp_iterator) at 0xfffffe0053ee0548:
 state: NORMAL
 uid: 0  gids: 0
 parent: pid 0 at 0xffffffff83e1da00
 ABI: null
 flag: 0x10000204  flag2: 0
 reaper: 0xffffffff83e1da00 reapsubtree: 5
 sigparent: 20
 vmspace: 0xffffffff83e1e9a0
   (map 0xffffffff83e1e9a0)
   (map.pmap 0xffffffff83e1ea60)
   (pmap 0xffffffff83e1eac8)
 threads: 1
100068                   Run     CPU 0                       [sctp_iterator]
db> ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
 5454   792  5454     0  REs                                 syz-executor2790543
 5453   795  5453     0  REs     CPU 1                       syz-executor2790543
 5452   791   788     0  R                                   syz-executor2790543
  795   790   788     0  S       nanslp  0xffffffff83e47a00  syz-executor2790543
  794   790   788     0  R                                   syz-executor2790543
  792   790   788     0  R                                   syz-executor2790543
  791   790   788     0  S       nanslp  0xffffffff83e47a01  syz-executor2790543
  790   788   788     0  S       nanslp  0xffffffff83e47a01  syz-executor2790543
  788   786   788     0  Ss      pause   0xfffffe0058b200b0  csh
  786   688   786     0  Ss      select  0xfffffe0053dd0740  sshd
  754     1   754     0  Ss+     ttyin   0xfffffe0056feb4b0  getty
  753     1   753     0  Ss+     ttyin   0xfffffe00081f10b0  getty
  752     1   752     0  Ss+     ttyin   0xfffffe0056fe74b0  getty
  751     1   751     0  Ss+     ttyin   0xfffffe00081f14b0  getty
  750     1   750     0  Ss+     ttyin   0xfffffe0056fe78b0  getty
  749     1   749     0  Ss+     ttyin   0xfffffe00081f18b0  getty
  748     1   748     0  Ss+     ttyin   0xfffffe0056fe7cb0  getty
  747     1   747     0  Ss+     ttyin   0xfffffe0056fe90b0  getty
  746     1   746     0  Ss+     ttyin   0xfffffe0056fe94b0  getty
  692     1   692     0  Ss      nanslp  0xffffffff83e47a01  cron
  688     1   688     0  Ss      select  0xfffffe0053dd0c40  sshd
  501     1   501     0  Ss      select  0xfffffe0053dd12c0  syslogd
  430     1   430     0  Ss      select  0xfffffe0053dd1240  devd
  429     1   429    65  Ss      select  0xfffffe0053dd1ac0  dhclient
  344     1   344     0  Ss      select  0xfffffe0053dd1940  dhclient
  341     1   341     0  Ss      select  0xfffffe0053dd1140  dhclient
   17     0     0     0  DL      syncer  0xffffffff83f6d260  [syncer]
   16     0     0     0  DL      vlruwt  0xfffffe0058a54a90  [vnlru]
   15     0     0     0  DL      (threaded)                  [bufdaemon]
100080                   D       psleep  0xffffffff83f6b860  [bufdaemon]
100083                   D       -       0xffffffff83211f80  [bufspacedaemon-0]
100095                   D       sdflush 0xfffffe0053f67ce8  [/ worker]
    9     0     0     0  DL      psleep  0xffffffff83f9f380  [vmdaemon]
    8     0     0     0  DL      (threaded)                  [pagedaemon]
100078                   D       psleep  0xffffffff83f93238  [dom0]
100081                   D       launds  0xffffffff83f93244  [laundry: dom0]
100082                   D       umarcl  0xffffffff81eafc60  [uma]
    7     0     0     0  DL      -       0xffffffff83c03788  [rand_harvestq]
    6     0     0     0  DL      pftm    0xffffffff847f4530  [pf purge]
    5     0     0     0  RL      CPU 0                       [sctp_iterator]
    4     0     0     0  DL      (threaded)                  [cam]
100045                   D       -       0xffffffff83aa56c0  [doneq0]
100046                   D       -       0xffffffff83aa5640  [async]
100077                   D       -       0xffffffff83aa54c0  [scanner]
   14     0     0     0  DL      seqstat 0xfffffe0056f1ac88  [sequencer 00]
    3     0     0     0  DL      (threaded)                  [crypto]
100041                   D       crypto_ 0xffffffff83f8ea40  [crypto]
100042                   D       crypto_ 0xfffffe0053effd30  [crypto returns 0]
100043                   D       crypto_ 0xfffffe0053effd80  [crypto returns 1]
   13     0     0     0  DL      (threaded)                  [geom]
100036                   D       -       0xffffffff83e1cfc0  [g_event]
100037                   D       -       0xffffffff83e1cfe0  [g_up]
100038                   D       -       0xffffffff83e1d000  [g_down]
    2     0     0     0  WL      (threaded)                  [clock]
100030                   I                                   [clock (0)]
100031                   I                                   [clock (1)]
   12     0     0     0  WL      (threaded)                  [intr]
100010                   I                                   [swi6: Giant taskq]
100017                   I                                   [swi5: fast taskq]
100020                   I                                   [swi6: task queue]
100029                   I                                   [swi1: netisr 0]
100032                   I                                   [swi3: busdma]
100033                   I                                   [swi1: hpts]
100034                   I                                   [swi1: hpts]
100047                   I                                   [irq24: virtio_pci0]
100048                   I                                   [irq25: virtio_pci0]
100049                   I                                   [irq26: virtio_pci0]
100050                   I                                   [irq27: virtio_pci0]
100051                   I                                   [irq28: virtio_pci1]
100052                   I                                   [irq29: virtio_pci1]
100053                   I                                   [irq30: virtio_pci1]
100054                   I                                   [irq31: virtio_pci1]
100055                   I                                   [irq32: virtio_pci1]
100060                   I                                   [irq33: virtio_pci2]
100061                   I                                   [irq34: virtio_pci2]
100062                   I                                   [irq35: virtio_pci2]
100064                   I                                   [irq1: atkbd0]
100065                   I                                   [irq12: psm0]
100066                   I                                   [swi0: uart uart++]
100070                   I                                   [swi1: pf send]
   11     0     0     0  RL      (threaded)                  [idle]
100003                   CanRun                              [idle: cpu0]
100004                   CanRun                              [idle: cpu1]
    1     0     1     0  SLs     wait    0xfffffe0053ddc000  [init]
   10     0     0     0  DL      audit_w 0xffffffff83f8f540  [audit]
    0     0     0     0  DLs     (threaded)                  [kernel]
100000                   D       swapin  0xffffffff83e1da00  [swapper]
100005                   D       -       0xfffffe0007973100  [softirq_0]
100006                   D       -       0xfffffe0007973000  [softirq_1]
100007                   D       -       0xfffffe0007972e00  [if_io_tqg_0]
100008                   D       -       0xfffffe0007972d00  [if_io_tqg_1]
100009                   D       -       0xfffffe0007972c00  [if_config_tqg_0]
100011                   D       -       0xfffffe0007972a00  [aiod_kick taskq]
100012                   D       -       0xfffffe0007972900  [inm_free taskq]
100013                   D       -       0xfffffe0007972800  [linuxkpi_irq_wq]
100014                   D       -       0xfffffe0007972700  [in6m_free taskq]
100015                   D       -       0xfffffe0007972600  [deferred_unmount ta]
100016                   D       -       0xfffffe0007972500  [thread taskq]
100018                   D       -       0xfffffe0007972300  [pci_hp taskq]
100019                   D       -       0xfffffe0007972200  [kqueue_ctx taskq]
100021                   D       -       0xfffffe0007972000  [linuxkpi_short_wq_0]
100022                   D       -       0xfffffe0007972000  [linuxkpi_short_wq_1]
100023                   D       -       0xfffffe0007972000  [linuxkpi_short_wq_2]
100024                   D       -       0xfffffe0007972000  [linuxkpi_short_wq_3]
100025                   D       -       0xfffffe0007971e00  [linuxkpi_long_wq_0]
100026                   D       -       0xfffffe0007971e00  [linuxkpi_long_wq_1]
100027                   D       -       0xfffffe0007971e00  [linuxkpi_long_wq_2]
100028                   D       -       0xfffffe0007971e00  [linuxkpi_long_wq_3]
100035                   D       -       0xfffffe0053f31300  [firmware taskq]
100039                   D       -       0xfffffe0053f31100  [crypto_0]
100040                   D       -       0xfffffe0053f31100  [crypto_1]
100056                   D       -       0xfffffe0053f2e000  [vtnet0 rxq 0]
100057                   D       -       0xfffffe0007974e00  [vtnet0 txq 0]
100058                   D       -       0xfffffe0007974d00  [vtnet0 rxq 1]
100059                   D       -       0xfffffe0007974c00  [vtnet0 txq 1]
100063                   D       vtbslp  0xfffffe0057011800  [virtio_balloon]
100067                   D       -       0xffffffff82bcd2c0  [deadlkres]
100071                   D       -       0xfffffe0007973200  [mca taskq]
100072                   D       -       0xfffffe00574c3200  [acpi_task_0]
100073                   D       -       0xfffffe00574c3200  [acpi_task_1]
100074                   D       -       0xfffffe00574c3200  [acpi_task_2]
100076                   D       -       0xfffffe0053f30e00  [CAM taskq]
db> show all locks
Process 5453 (syz-executor2790543) thread 0xfffffe0058b251e0 (100088)
shared rw helper list lock (helper list lock) r = 0 (0xffffffff83e21400) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_khelp.c:197
db> show malloc
              Type        InUse        MemUse     Requests
           pf_hash            5        11524K            5
          tcp_hpts            7         4801K            7
            devbuf         4217         4323K         4245
         sysctloid        35322         2081K        35393
             vtbuf           24         1968K           46
              kobj          328         1312K          489
            newblk          130         1057K          720
          vfscache            3         1025K            3
               pcb           23          541K         9358
          inodedep            2          513K           72
         ufs_quota            1          512K            1
          vfs_hash            1          512K            1
           callout            2          512K            2
              intr            4          472K            4
           subproc          102          198K         5513
            acpica         1674          184K        57552
         vnet_data            1          168K            1
           tidhash            3          141K            3
              vmem            3          138K            4
            linker          358          134K          386
           pagedep            2          129K           20
        tfo_ccache            1          128K            1
               sem            4          106K            4
            DEVFS1          105          105K          114
               bus          994           81K         5207
          mtx_pool            2           72K            2
          syncache            1           68K            1
            module          513           65K          513
          acpitask            1           64K            1
       ddb_capture            1           64K            1
              umtx          264           33K          264
              temp           17           33K         1645
           filemon            4           32K         9319
         hostcache            1           32K            1
               shm            1           32K            1
           kdtrace          160           32K         5571
            DEVFS3          124           31K          134
               msg            4           30K            4
        gtaskqueue           18           26K           18
            kbdmux            6           22K            6
        DEVFS_RULE           56           20K           56
               BPF           10           18K           10
         ufs_mount            4           17K            5
              proc            3           17K            3
               tty           16           16K           16
           ithread          100           16K          100
            bus-sc           34           15K         1681
            KTRACE          100           13K          100
              kenv           95           12K           95
      eventhandler          134           12K          134
            ifaddr           30           12K           32
              rman           88           11K          431
              GEOM           61           11K          490
          routetbl           50           11K          176
         CAM queue            5           11K         1528
              cred           35            9K          273
         bmsafemap            3            9K           42
              UART           12            9K           12
           devstat            4            9K            4
              ksem            1            8K            1
               rpc            2            8K            2
             shmfd            1            8K            1
       pfs_vncache            1            8K            1
         pfs_nodes           20            8K           20
     audit_evclass          237            8K          296
         taskqueue           63            7K           63
            sglist            5            7K            5
           CAM DEV            3            6K          510
       ufs_dirhash           24            5K           24
               UMA          272            5K          272
                vt           11            5K           11
             ifnet            3            5K            3
           memdesc            1            4K            1
               MCA           32            4K           32
            plimit           16            4K          383
          filedesc            1            4K            1
             evdev            4            4K            4
           acpisem           28            4K           28
             hhook           15            4K           17
       ether_multi           40            4K           50
           lltable           11            4K           11
          pf_ifnet            5            3K            6
         in6_multi           25            3K           25
          terminal           11            3K           11
            kqueue           44            3K         5457
           pwddesc           43            3K         5455
           session           21            3K         4694
           uidinfo            3            3K           12
         proc-args           63            3K         6426
        local_apic            1            2K            1
           io_apic            1            2K            1
       fpukern_ctx            2            2K            2
         ipsec-saq            2            2K            2
             selfd           27            2K        67800
             lockf           16            2K           32
            Unitno           27            2K           39
           CAM XPT           22            2K          543
               msi           12            2K           12
       ipsecpolicy            2            2K            2
           acpidev           20            2K           20
             clone            9            2K            9
           softdep            1            1K            1
            sahead            1            1K            1
          secasvar            1            1K            1
       vnodemarker            2            1K           56
      NFSD session            1            1K            1
        CAM periph            4            1K          271
            select            7            1K           29
         sctp_atcl            2            1K         4660
             ipsec            3            1K            3
             nhops            6            1K            6
         toponodes            6            1K            6
            isadev            6            1K            6
             mount           16            1K           89
          pci_link           10            1K           10
          sctp_ifa            5            1K            6
            crypto            4            1K            4
            ip6ndp            4            1K            5
 encap_export_host           12            1K           12
            DEVFSP            8            1K         9328
          in_multi            2            1K            4
              pfil            4            1K            4
              cdev            2            1K            2
    chacha20random            1            1K            1
               osd            7            1K           18
       inpcbpolicy           10            1K          139
         sctp_iter            1            1K         8822
          sctp_ifn            2            1K            6
         sctp_cpal            1            1K         9318
      NFSD lckfile            1            1K            1
     NFSD V4client            1            1K            1
             DEVFS            9            1K           10
          freework            1            1K           26
          indirdep            1            1K            3
               mld            2            1K            2
              igmp            2            1K            2
            vnodes            1            1K            1
           CAM SIM            2            1K            2
            feeder            7            1K            7
           tcpfunc            3            1K            3
            CC Mem            3            1K            7
        loginclass            3            1K            7
            prison            6            1K            6
       lkpikmalloc            5            1K            6
        aesni_data            2            1K            2
         cryptodev            2            1K           49
          nexusdev            8            1K            8
            apmdev            1            1K            1
          atkbddev            2            1K            2
            diradd            1            1K           37
     CAM dev queue            2            1K            2
 CAM I/O Scheduler            1            1K            1
          CAM path            4            1K         1034
          procdesc            1            1K            6
          pmchooks            1            1K            1
            soname            4            1K         3479
               tun            3            1K            3
          sctp_vrf            1            1K            1
         sctp_atky            2            1K         4660
              vnet            1            1K            1
           entropy            2            1K           36
               pmc            1            1K            1
          acpiintr            1            1K            1
         sctp_athm            2            1K         4660
              cpus            2            1K            2
    vnet_data_free            1            1K            1
           Per-cpu            1            1K            1
          p1003.1b            1            1K            1
          filecaps            1            1K           70
        sctp_mcore            0            0K            0
        sctp_socko            0            0K         4660
         sctp_mvrf            0            0K            0
         sctp_timw            0            0K            0
         sctp_cmsg            0            0K            0
         sctp_stre            0            0K            0
         sctp_athi            0            0K            0
         sctp_a_it            0            0K            4
         sctp_aadr            0            0K            0
         sctp_stro            0            0K            0
         sctp_stri            0            0K            0
          sctp_map            0            0K            0
            ipcomp            0            0K            0
               esp            0            0K            0
                ah            0            0K            0
          pf_table            0            0K            0
           pf_rule            0            0K            0
           pf_altq            0            0K            0
           pf_osfp            0            0K            0
           pf_temp            0            0K            0
            mqdata            0            0K            0
            tcp_do            0            0K            0
           tcp_fsb            0            0K            0
     NFSCL sockreq            0            0K            0
     NFSCL devinfo            0            0K            0
        madt_table            0            0K            2
          smartpqi            0            0K            0
     NFSCL flayout            0            0K            0
      NFSCL layout            0            0K            0
     NFSD rollback            0            0K            0
               ixl            0            0K            0
      NFSCL diroff            0            0K            0
       NEWdirectio            0            0K            0
        NEWNFSnode            0            0K            0
         NFSCL lck            0            0K            0
      NFSCL lckown            0            0K            0
      NFSCL client            0            0K            0
       NFSCL deleg            0            0K            0
        ice-resmgr            0            0K            0
         ice-osdep            0            0K            0
               ice            0            0K            0
              iavf            0            0K            0
             axgbe            0            0K            0
        NFSCL open            0            0K            0
       NFSCL owner            0            0K            0
            NFS fh            0            0K            0
           NFS req            0            0K            0
     NFSD usrgroup            0            0K            0
       NFSD string            0            0K            0
       NFSD V4lock            0            0K            0
      NFSD V4state            0            0K            0
          xen_intr            0            0K            0
     NFSD srvcache            0            0K            0
       msdosfs_fat            0            0K            0
           xen_hvm            0            0K            0
         legacydrv            0            0K            0
            bounce            0            0K            0
            busdma            0            0K            0
            qpidrv            0            0K            0
     msdosfs_mount            0            0K            0
      msdosfs_node            0            0K            0
      dmar_idpgtbl            0            0K            0
          dmar_dom            0            0K            0
          dmar_ctx            0            0K            0
              isci            0            0K            0
      iommu_dmamap            0            0K            0
            DEVFS4            0            0K            0
     hyperv_socket            0            0K            0
           bxe_ilt            0            0K            0
            xenbus            0            0K            0
            DEVFS2            0            0K            0
            gntdev            0            0K            0
     vm_fictitious            0            0K            0
       privcmd_dev            0            0K            0
        evtchn_dev            0            0K            0
          xenstore            0            0K            0
         scsi_pass            0            0K            0
         ciss_data            0            0K            0
               xnb            0            0K            0
          xen_acpi            0            0K            0
              xbbd            0            0K            0
               xbd            0            0K            0
           Balloon            0            0K            0
          sysmouse            0            0K            0
           UMAHash            0            0K            0
            vtfont            0            0K            0
         vm_pgdata            0            0K            0
           jblocks            0            0K            0
          savedino            0            0K           18
          sentinel            0            0K            0
            jfsync            0            0K            0
            jtrunc            0            0K            0
             sbdep            0            0K            7
           jsegdep            0            0K            0
              jseg            0            0K            0
         jfreefrag            0            0K            0
          jfreeblk            0            0K            0
           jnewblk            0            0K            0
            jmvref            0            0K            0
           jremref            0            0K            0
           jaddref            0            0K            0
           freedep            0            0K            0
         newdirblk            0            0K            8
            dirrem            0            0K           28
             mkdir            0            0K           16
          freefile            0            0K           26
          freeblks            0            0K           25
          freefrag            0            0K            1
        allocindir            0            0K            0
       allocdirect            0            0K            0
          ufs_trim            0            0K            0
           mactemp            0            0K            0
     audit_trigger            0            0K            0
 audit_pipe_presel            0            0K            0
     audit_pipeent            0            0K            0
        audit_pipe            0            0K            0
      audit_evname            0            0K            0
         audit_bsm            0            0K            0
      audit_gidset            0            0K            0
        audit_text            0            0K            0
        audit_path            0            0K            0
        audit_data            0            0K            0
        audit_cred            0            0K            0
         BACKLIGHT            0            0K            0
           ath_hal            0            0K            0
            athdev            0            0K            0
           ata_pci            0            0K            0
           ata_dma            0            0K            0
       ata_generic            0            0K            0
            pvscsi            0            0K            0
           scsi_da            0            0K           69
            ata_da            0            0K            0
           scsi_ch            0            0K            0
           scsi_cd            0            0K            0
          ktls_ocf            0            0K            0
       AHCI driver            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
      MLX5E_TLS_RX            0            0K            0
        MLX5EEPROM            0            0K            0
         MLX5E_TLS            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
            MLX5EN            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          MLX5DUMP            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          seq_file            0            0K            0
           lkpiskb            0            0K            0
             radix            0            0K            0
               idr            0            0K            0
          lkpindev            0            0K            0
            lkpifw            0            0K            0
         lkpi80211            0            0K            0
               NLM            0            0K            0
    ipsec-spdcache            0            0K            0
         ipsec-reg            0            0K            0
        ipsec-misc            0            0K            0
      ipsecrequest            0            0K            0
            ip6opt            0            0K            3
       ip6_msource            0            0K            0
      ip6_moptions            0            0K            0
       in6_mfilter            0            0K            0
             frag6            0            0K            0
            tcplog            0            0K            0
        tcp_hwpace            0            0K            0
            USBdev            0            0K            0
               USB            0            0K            0
               LRO            0            0K            0
        ip_msource            0            0K            0
       ip_moptions            0            0K            0
        in_mfilter            0            0K            0
              ipid            0            0K            0
         80211scan            0            0K            0
      80211ratectl            0            0K            0
        80211power            0            0K            0
       80211nodeie            0            0K            0
         80211node            0            0K            0
      80211mesh_gt            0            0K            0
      80211mesh_rt            0            0K            0
         80211perr            0            0K            0
         80211prep            0            0K            0
         80211preq            0            0K            0
          80211dfs            0            0K            0
       80211crypto            0            0K            0
          80211vap            0            0K            0
             iflib            0            0K            0
              vlan            0            0K            0
               gif            0            0K            0
           ifdescr            0            0K            0
              zlib            0            0K            0
           fadvise            0            0K            0
           VN POLL            0            0K            0
               agp            0            0K            0
            statfs            0            0K          212
     namei_tracker            0            0K            0
       export_host            0            0K            0
        cl_savebuf            0            0K            3
           nvme_da            0            0K            0
           acpipwr            0            0K            0
         acpi_perf            0            0K            0
            twsbuf            0            0K            0
      twe_commands            0            0K            0
       tcp_log_dev            0            0K            0
      midi buffers            0            0K            0
             mixer            0            0K            0
              ac97            0            0K            0
             hdacc            0            0K            0
              hdac            0            0K            0
              hdaa            0            0K            0
         acpicmbat            0            0K            0
       SIIS driver            0            0K            0
           CAM CCB            0            0K          523
            biobuf            0            0K            0
              aios            0            0K            0
               lio            0            0K            0
               acl            0            0K            0
          mbuf_tag            0            0K           27
              ktls            0            0K            0
               PUC            0            0K            0
          ppbusdev            0            0K            0
agtiapi_MemAlloc malloc            0            0K            0
    osti_cacheable            0            0K            0
          tempbuff            0            0K            0
          tempbuff            0            0K            0
ag_tgt_map_t malloc            0            0K            0
ag_slr_map_t malloc            0            0K            0
lDevFlags * malloc            0            0K            0
tiDeviceHandle_t * malloc            0            0K            0
ag_portal_data_t malloc            0            0K            0
ag_device_t malloc            0            0K            0
     STLock malloc            0            0K            0
          CCB List            0            0K            0
            sr_iov            0            0K            0
               OCS            0            0K            0
               OCS            0            0K            0
              nvme            0            0K            0
               nvd            0            0K            0
            netmap            0            0K            0
            mwldev            0            0K            0
        MVS driver            0            0K            0
     CAM ccb queue            0            0K            0
              accf            0            0K            0
               pts            0            0K            0
               iov            0            0K        13761
          ioctlops            0            0K           86
           eventfd            0            0K            0
           Witness            0            0K            0
             stack            0            0K            0
          mrsasbuf            0            0K            0
          mpt_user            0            0K            0
          mps_user            0            0K            0
            MPSSAS            0            0K            0
               mps            0            0K            0
              sbuf            0            0K          288
          mpr_user            0            0K            0
          firmware            0            0K            0
        compressor            0            0K            0
            MPRSAS            0            0K            0
              SWAP            0            0K            0
               mpr            0            0K            0
            mfibuf            0            0K            0
         sysctltmp            0            0K          662
            sysctl            0            0K            3
        md_sectors            0            0K            0
              ekcd            0            0K            0
            dumper            0            0K            0
          sendfile            0            0K            0
              rctl            0            0K            0
           md_disk            0            0K            0
           malodev            0            0K            0
               LED            0            0K            0
          ix_sriov            0            0K            0
             cache            0            0K            0
        aacraidcam            0            0K            0
          kcovinfo            0            0K            0
      prison_racct            0            0K            0
       Fail Points            0            0K            0
             sigio            0            0K            1
filedesc_to_leader            0            0K            0
               pwd            0            0K            0
       tty console            0            0K            0
                ix            0            0K            0
            ipsbuf            0            0K            0
       aacraid_buf            0            0K            0
            aaccam            0            0K            0
         boottrace            0            0K            0
            aacbuf            0            0K            0
              zstd            0            0K            0
            XZ_DEC            0            0K            0
            nvlist            0            0K            0
          SCSI ENC            0            0K            0
           SCSI sa            0            0K            0
        isofs_node            0            0K            0
       isofs_mount            0            0K            0
     tr_raid5_data            0            0K            0
    tr_raid1e_data            0            0K            0
     tr_raid1_data            0            0K            0
     tr_raid0_data            0            0K            0
    tr_concat_data            0            0K            0
       md_sii_data            0            0K            0
   md_promise_data            0            0K            0
    md_nvidia_data            0            0K            0
   md_jmicron_data            0            0K            0
     md_intel_data            0            0K            0
       md_ddf_data            0            0K            0
         raid_data            0            0K           72
     geom_flashmap            0            0K            0
         tmpfs dir            0            0K            0
        tmpfs name            0            0K            0
       tmpfs mount            0            0K            0
           NFS FHA            0            0K            0
         newnfsmnt            0            0K            0
  newnfsclient_req            0            0K            0
   NFSCL layrecall            0            0K            0
     NFSCL session            0            0K            0
db> show uma
              Zone   Size    Used    Free    Requests  Sleeps  Bucket  Total Mem    XFree
   mbuf_jumbo_page   4096    8320    1078       16681       0     254   38494208        0
              mbuf    256    8578    1084       28355       0     254    2473472        0
              pbuf   2624       0     778           0       0       2    2041472        0
          BUF TRIE    144     181   11607         583       0      62    1697472        0
        malloc-384    384    4165       5        4165       0      30    1601280        0
       malloc-4096   4096     373       5        6030       0       2    1548288        0
        malloc-128    128   11636      82       11642       0     126    1499904        0
       UMA Slabs 0    112   10592      22       10592       0     126    1188768        0
      mbuf_cluster   2048     508       0         508       0     254    1040384        0
         vmem btag     56   16370      85       16370       0     254     921480        0
           sctp_ep   1208       2     508        4660       0     254     616080        0
         FFS inode   1160     488      30         514       0       8     600880        0
             tcpcb   1104       3     508           7       0     254     564144        0
        RADIX NODE    144    3267     228       43522       0      62     503280        0
            socket    960      21     487        5999       0     254     487680        0
         VM OBJECT    264    1352     193       62073       0      31     407880        0
          lkpicurr    168       2    2350           2       0      62     395136        0
            lkpimm    168       1    2327           1       0      62     391104        0
      malloc-65536  65536       5       0           5       0       1     327680        0
        256 Bucket   2048     136      16        1034       0       8     311296        0
         malloc-64     64    3866     481        3868       0     254     278208        0
             VNODE    448     519      57         547       0      30     258048        0
         malloc-16     16   14609     391       14669       0     254     240000        0
            THREAD   1808     115      17         115       0       8     238656        0
            DEVCTL   1024       0     220         126       0       0     225280        0
        malloc-128    128    1321     322       32147       0     126     210304        0
      malloc-65536  65536       3       0           3       0       1     196608        0
         MAP ENTRY     96    1547     469      178632       0     126     193536        0
         UMA Zones    768     244       0         244       0      16     187392        0
         malloc-32     32    5322     348        5331       0     254     181440        0
        malloc-256    256     170     520         853       0      62     176640        0
       FFS2 dinode    256     488      82         514       0      62     145920        0
      malloc-65536  65536       0       2          46       0       1     131072        0
      malloc-65536  65536       0       2         144       0       1     131072        0
       malloc-1024   1024     116      12         282       0      16     131072        0
             unpcb    256       7     503        1183       0     254     130560        0
       mbuf_packet    256       1     507        8895       0     254     130048        0
       S VFS Cache    104     982     188        1023       0     126     121680        0
          ksiginfo    112      37    1007          76       0     126     116928        0
     FPU_save_area    832     117      18         157       0      16     112320        0
        malloc-256    256     293     142        5619       0      62     111360        0
        128 Bucket   1024      50      49         550       0      16     101376        0
        malloc-128    128     586     189        3900       0     126      99200        0
        malloc-128    128     598     177        1178       0     126      99200        0
       malloc-8192   8192       7       5        9322       0       1      98304        0
       malloc-2048   2048      11      37        5942       0       9      98304        0
           VMSPACE   2552      27       9        5439       0       4      91872        0
          UMA Kegs    384     230       3         230       0      30      89472        0
         64 Bucket    512      83      85        2461       0      30      86016        0
            clpbuf   2624       0      32          24       0      16      83968        0
              PROC   1352      43      14        5454       0       8      77064        0
         filedesc0   1072      44      26        5455       0       8      75040        0
       malloc-8192   8192       9       0           9       0       1      73728        0
       malloc-8192   8192       7       2         110       0       1      73728        0
             g_bio    408       0     180        4976       0      30      73440        0
         malloc-64     64     774     297       74703       0     254      68544        0
         malloc-64     64     575     496       16411       0     254      68544        0
      malloc-65536  65536       1       0           1       0       1      65536        0
      malloc-32768  32768       0       2         120       0       1      65536        0
      malloc-32768  32768       2       0           2       0       1      65536        0
      malloc-16384  16384       4       0           4       0       1      65536        0
       malloc-4096   4096      15       1          26       0       2      65536        0
       malloc-1024   1024      21      43         546       0      16      65536        0
        malloc-256    256     105     150        9598       0      62      65280        0
        malloc-256    256      67     188        9857       0      62      65280        0
         udp_inpcb    424       6     120         128       0      30      53424        0
         32 Bucket    256      65     130        7373       0      62      49920        0
           DIRHASH   1024      34      14          34       0      16      49152        0
             NAMEI   1024       0      48       21851       0      16      49152        0
      malloc-16384  16384       1       2         161       0       1      49152        0
       malloc-4096   4096      10       2         554       0       2      49152        0
       malloc-2048   2048      11      13          12       0       8      49152        0
       malloc-1024   1024      19      29         913       0      16      49152        0
        malloc-384    384      62      58        5060       0      30      46080        0
          syncache    168       0     264           5       0     254      44352        0
            pcpu-8      8    4221     387        4249       0     254      36864        0
              PGRP     88      21     393        4694       0     126      36432        0
         malloc-64     64      31     536       13737       0     254      36288        0
         malloc-64     64      26     541          42       0     254      36288        0
         malloc-64     64     116     451         141       0     254      36288        0
         malloc-64     64      10     557          42       0     254      36288        0
         malloc-64     64      51     516        5463       0     254      36288        0
        malloc-128    128      29     250         165       0     126      35712        0
        malloc-128    128       1     278          28       0     126      35712        0
        malloc-128    128      95     184         496       0     126      35712        0
        malloc-128    128      20     259          25       0     126      35712        0
     routing nhops    256      10     125          17       0      62      34560        0
           ttyoutq    256      72      63         160       0      62      34560        0
        malloc-384    384      54      36          64       0      30      34560        0
        malloc-384    384       1      89          90       0      30      34560        0
        malloc-256    256      23     112         453       0      62      34560        0
        malloc-256    256       2     133          52       0      62      34560        0
        malloc-256    256       6     129         288       0      62      34560        0
        malloc-256    256      23     112          42       0      62      34560        0
         TURNSTILE    136     133     119         133       0      62      34272        0
      malloc-32768  32768       1       0           1       0       1      32768        0
      malloc-16384  16384       2       0          17       0       1      32768        0
       malloc-8192   8192       4       0           4       0       1      32768        0
       malloc-2048   2048       1      15          25       0       8      32768        0
       malloc-2048   2048       2      14          11       0       8      32768        0
       malloc-1024   1024       2      30          45       0      16      32768        0
       malloc-1024   1024       2      30           6       0      16      32768        0
       malloc-1024   1024       3      29           7       0      16      32768        0
        malloc-512    512       0      64         118       0      30      32768        0
        malloc-512    512       2      62           2       0      30      32768        0
        malloc-512    512       3      61          57       0      30      32768        0
        malloc-512    512       0      64           9       0      30      32768        0
        malloc-512    512      10      54          60       0      30      32768        0
        malloc-512    512       3      61           3       0      30      32768        0
           pcpu-64     64     493      19         493       0     254      32768        0
    ertt_txseginfo     40       0     808        4675       0     254      32320        0
            ttyinq    160     135      65         300       0      62      32000        0
            cpuset    104       7     272           7       0     126      29016        0
        sctp_laddr     48       0     588           4       0     254      28224        0
         malloc-32     32      39     843        4868       0     254      28224        0
         malloc-32     32     378     504        9135       0     254      28224        0
         16 Bucket    144      47     149         245       0      62      28224        0
          4 Bucket     48       5     583         164       0     254      28224        0
         tcp_inpcb    424       3      60           7       0      30      26712        0
             ripcb    424       1      62           4       0      30      26712        0
            da_ccb    544       0      49        1369       0      16      26656        0
              pipe    744       6      29         293       0      16      26040        0
       malloc-4096   4096       6       0           6       0       2      24576        0
           rtentry    176      13     125          17       0      62      24288        0
          rl_entry     40      27     579          27       0     254      24240        0
             Files     80      74     226       20703       0     126      24000        0
          8 Bucket     80      34     266         282       0     126      24000        0
        malloc-384    384      11      49          11       0      30      23040        0
        malloc-384    384      10      50          13       0      30      23040        0
        SLEEPQUEUE     88     133     123         133       0     126      22528        0
         hostcache     64       1     314           1       0     254      20160        0
             udpcb     32       6     624         128       0     254      20160        0
   udp_inpcb ports     32       3     627          40       0     254      20160        0
              ertt     72       3     277           7       0     126      20160        0
               PWD     32      10     620         108       0     254      20160        0
         malloc-32     32       4     626          63       0     254      20160        0
         malloc-32     32     132     498        1414       0     254      20160        0
         malloc-32     32      31     599          56       0     254      20160        0
         malloc-32     32      29     601          31       0     254      20160        0
         malloc-32     32       7     623          10       0     254      20160        0
          2 Bucket     32      46     584         460       0     254      20160        0
       Mountpoints   2752       2       5           2       0       4      19264        0
 epoch_record pcpu    256       4      60           4       0      62      16384        0
       malloc-8192   8192       0       2          28       0       1      16384        0
       malloc-8192   8192       2       0           2       0       1      16384        0
       malloc-4096   4096       1       3         214       0       2      16384        0
       malloc-2048   2048       0       8          12       0       8      16384        0
       malloc-2048   2048       3       5           3       0       8      16384        0
       malloc-2048   2048       2       6           2       0       8      16384        0
       malloc-2048   2048       3       5           3       0       8      16384        0
       malloc-1024   1024       4      12           5       0      16      16384        0
       malloc-1024   1024       1      15           1       0      16      16384        0
        malloc-512    512       0      32           1       0      30      16384        0
           SMR CPU     32       7     504           7       0     254      16352        0
      vtnet_tx_hdr     24       1     667        6336       0     254      16032        0
         malloc-16     16     511     489        3512       0     254      16000        0
              kenv    258      15      45        1037       0      30      15480        0
            mqnode    416       3      33           3       0      30      14976        0
              vmem   1856       1       7           1       0       8      14848        0
        SMR SHARED     24       7     504           7       0     254      12264        0
   tcp_inpcb ports     32       1     377           1       0     254      12096        0
             KNOTE    160       0      75           8       0      62      12000        0
         malloc-16     16      43     707        6041       0     254      12000        0
         malloc-16     16       9     741          15       0     254      12000        0
         malloc-16     16      16     734          65       0     254      12000        0
         malloc-16     16      49     701       26492       0     254      12000        0
         malloc-16     16       8     742        4668       0     254      12000        0
        malloc-384    384       0      30           1       0      30      11520        0
       malloc-8192   8192       1       0           1       0       1       8192        0
       malloc-4096   4096       0       2           2       0       2       8192        0
       malloc-4096   4096       0       2           1       0       2       8192        0
         malloc-16     16       0     500           2       0     254       8000        0
           pcpu-16     16       7     249           7       0     254       4096        0
       UMA Slabs 1    176       8      14           8       0      62       3872        0
        KMAP ENTRY     96      12      27          14       0       0       3744        0
       FFS1 dinode    128       0       0           0       0     126          0        0
           ada_ccb    272       0       0           0       0      30          0        0
             swblk    136       0       0           0       0      62          0        0
          swpctrie    144       0       0           0       0      62          0        0
   cdg_qdiffsample     16       0       0           0       0     254          0        0
   pf state scrubs     40       0       0           0       0     254          0        0
   pf frag entries     40       0       0           0       0     254          0        0
          pf frags    248       0       0           0       0      62          0        0
  pf table entries    160       0       0           0       0     254          0        0
pf table entry counters     64       0       0           0       0     254          0        0
   pf source nodes    136       0       0           0       0     254          0        0
     pf state keys     88       0       0           0       0     126          0        0
         pf states    312       0       0           0       0     254          0        0
           pf tags    104       0       0           0       0     126          0        0
          pf mtags     56       0       0           0       0     254          0        0
      tcp_rack_pcb    896       0       0           0       0      16          0        0
      tcp_rack_map    120       0       0           0       0     126          0        0
       tcp_bbr_pcb    832       0       0           0       0      16          0        0
       tcp_bbr_map    128       0       0           0       0     126          0        0
tfo_ccache_entries     80       0       0           0       0     126          0        0
               tfo      4       0       0           0       0     254          0        0
          sackhole     32       0       0           0       0     254          0        0
             tcptw     72       0       0           0       0     254          0        0
               ipq     56       0       0           0       0     254          0        0
   sctp_asconf_ack     48       0       0           0       0     254          0        0
       sctp_asconf     40       0       0           0       0     254          0        0
sctp_stream_msg_out    112       0       0           0       0     254          0        0
        sctp_readq    152       0       0           0       0     254          0        0
        sctp_chunk    152       0       0           0       0     254          0        0
        sctp_raddr    736       0       0           0       0     254          0        0
         sctp_asoc   2256       0       0           0       0     254          0        0
      tcp_log_node    120       0       0           0       0     126          0        0
    tcp_log_bucket    176       0       0           0       0      62          0        0
           tcp_log    416       0       0           0       0     254          0        0
          tcpreass     48       0       0           0       0     254          0        0
       ripcb ports     32       0       0           0       0     254          0        0
udplite_inpcb ports     32       0       0           0       0     254          0        0
     udplite_inpcb    424       0       0           0       0      30          0        0
    IPsec SA lft_c     16       0       0           0       0     254          0        0
            itimer    352       0       0           0       0      30          0        0
            AIOLIO    272       0       0           0       0      30          0        0
             AIOCB    552       0       0           0       0      16          0        0
              AIOP     32       0       0           0       0     254          0        0
               AIO    208       0       0           0       0      62          0        0
           NCLNODE    608       0       0           0       0      16          0        0
        mqnotifier    216       0       0           0       0      62          0        0
            mvdata     64       0       0           0       0     254          0        0
            mqueue    248       0       0           0       0      62          0        0
        TMPFS node    224       0       0           0       0      62          0        0
     LTS VFS Cache    360       0       0           0       0      30          0        0
       L VFS Cache    320       0       0           0       0      30          0        0
     STS VFS Cache    144       0       0           0       0      62          0        0
           cryptop    280       0       0           0       0      30          0        0
  linux_dma_object     32       0       0           0       0     254          0        0
  linux_dma_pctrie    144       0       0           0       0      62          0        0
   IOMMU_MAP_ENTRY    120       0       0           0       0     126          0        0
    mbuf_jumbo_16k  16384       0       0           0       0     254          0        0
     mbuf_jumbo_9k   9216       0       0           0       0     254          0        0
      audit_record   1280       0       0           0       0       8          0        0
         domainset     40       0       0           0       0     254          0        0
        MAC labels     40       0       0           0       0     254          0        0
            vnpbuf   2624       0       0           0       0      64          0        0
            mdpbuf   2624       0       0           0       0       3          0        0
           nfspbuf   2624       0       0           0       0      16          0        0
            swwbuf   2624       0       0           0       0       8          0        0
            swrbuf   2624       0       0           0       0      16          0        0
          umtx_shm     88       0       0           0       0     126          0        0
           umtx pi     96       0       0           0       0     126          0        0
rangeset pctrie nodes    144       0       0           0       0      62          0        0
      malloc-65536  65536       0       0           0       0       1          0        0
      malloc-65536  65536       0       0           0       0       1          0        0
      malloc-65536  65536       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
       malloc-8192   8192       0       0           0       0       1          0        0
       malloc-4096   4096       0       0           0       0       2          0        0
        malloc-512    512       0       0           0       0      30          0        0
        malloc-384    384       0       0           0       0      30          0        0
           pcpu-32     32       0       0           0       0     254          0        0
            pcpu-4      4       0       0           0       0     254          0        0
            fakepg    104       0       0           0       0     126          0        0
          UMA Hash    256       0       0           0       0      62          0        0

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2022/04/19 02:17 freebsd-src ecbe50447d04 7c337266 console log report syz C panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-main 2022/04/18 12:21 freebsd-src eb45bc682915 7c337266 console log report syz C panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-main 2022/04/19 18:12 freebsd-src f2edc9155721 7c337266 console log report panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-main 2022/04/18 12:00 freebsd-src eb45bc682915 7c337266 console log report panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-i386 2022/04/19 07:30 freebsd-src c2f6aae0076d 7c337266 console log report panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-i386 2022/04/18 21:09 freebsd-src eb45bc682915 7c337266 console log report panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
ci-freebsd-i386 2022/04/17 21:17 freebsd-src b85b9c88eb02 7c337266 console log report panic: ASan: Invalid access, NUM-byte read at ADDR, UMAUseAfterFree(fd)
* Struck through repros no longer work on HEAD.