syzbot


panic: Memory modified after free ADDR(112) val=ADDR @ ADDR (2)

Status: fixed on 2021/01/05 16:11
Reported-by: syzbot+07667d16c96779c737b4@syzkaller.appspotmail.com
Fix commit: a7aa5eea4fff sctp: improve handling of aborted associations
First crash: 1006d, last: 762d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
freebsd panic: Memory modified after free ADDR(112) val=ADDR @ ADDR 1 1106d 1106d 0/2 auto-closed as invalid on 2020/04/27 01:27

Sample crash report:
login: panic: Memory modified after free 0xfffff80019a09d90(112) val=de00c0de @ 0xfffff80019a09df8

cpuid = 1
time = 1602999771
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0025e45460
vpanic() at vpanic+0x1c7/frame 0xfffffe0025e454c0
panic() at panic+0x43/frame 0xfffffe0025e45520
trash_ctor() at trash_ctor+0xa8/frame 0xfffffe0025e45560
item_ctor() at item_ctor+0x1e2/frame 0xfffffe0025e455c0
sctp_lower_sosend() at sctp_lower_sosend+0x40f2/frame 0xfffffe0025e457b0
sctp_sosend() at sctp_sosend+0x4fc/frame 0xfffffe0025e458e0
sosend() at sosend+0xc6/frame 0xfffffe0025e45950
kern_sendit() at kern_sendit+0x34b/frame 0xfffffe0025e45a00
sendit() at sendit+0x226/frame 0xfffffe0025e45a60
sys_sendmsg() at sys_sendmsg+0x8b/frame 0xfffffe0025e45ac0
amd64_syscall() at amd64_syscall+0x25e/frame 0xfffffe0025e45bf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0025e45bf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x2838ea, rsp = 0x7fffdfffdf08, rbp = 0x7fffdfffdf70 ---
KDB: enter: panic
[ thread pid 3363 tid 100186 ]
Stopped at      kdb_enter+0x67: movq    $0,0x1477e46(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b  ll+0x1a
es                        0x3b  ll+0x1a
fs                        0x13
gs                        0x1b
ss                        0x28  ll+0x7
rax                       0x12
rcx                       0x80  ll+0x5f
rdx         0xffffffff818c0ddd
rbx                          0
rsp         0xfffffe0025e45440
rbp         0xfffffe0025e45460
rsi                        0x1
rdi                          0
r8                           0
r9                  0xffffffff
r10                        0x1
r11         0xfffffe0025971510
r12         0xffffffff82066b10  ddb_dbbe
r13                          0
r14         0xffffffff819689f8
r15         0xffffffff819689f8
rip         0xffffffff810dbeb7  kdb_enter+0x67
rflags                    0x86  ll+0x65
kdb_enter+0x67: movq    $0,0x1477e46(%rip)
db> show proc
Process 3363 (syz-executor.3) at 0xfffff800198bca40:
 state: NORMAL
 uid: 0  gids: 0, 0, 5
 parent: pid 770 at 0xfffff80004ba6a40
 ABI: FreeBSD ELF64
 arguments: /root/syz-executor.3
 reaper: 0xfffff8000431f000 reapsubtree: 1
 sigparent: 20
 vmspace: 0xfffffe00257bd000
   (map 0xfffffe00257bd000)
   (map.pmap 0xfffffe00257bd0c0)
   (pmap 0xfffffe00257bd120)
 threads: 2
100121                   RunQ                                syz-executor.3
100186                   Run     CPU 1                       syz-executor.3
db> ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
 3364   769   769     0  R       (threaded)                  syz-executor.1
100120                   RunQ                                syz-executor.1
100185                   S       uwait   0xfffff800047e7d00  syz-executor.1
 3363   770   770     0  R       (threaded)                  syz-executor.3
100121                   RunQ                                syz-executor.3
100186                   Run     CPU 1                       syz-executor.3
 3361   774   774     0  RE      CPU 0                       syz-executor.2
  852   833   852     0  Ss      select  0xfffff80004b64940  dhclient
  838     1   838     0  Ss      select  0xfffff80019161940  dhclient
  833   810   424    65  S       select  0xfffff80019161a40  dhclient
  810   424   424     0  S       wait    0xfffff800198bc000  sh
  774   767   774     0  Ss      nanslp  0xffffffff82527441  syz-executor.2
  772   767   772     0  Rs                                  syz-executor.0
  770   767   770     0  Rs                                  syz-executor.3
  769   767   769     0  Rs                                  syz-executor.1
  767   765   765     0  S       (threaded)                  syz-execprog
100080                   S       uwait   0xfffff800047e8900  syz-execprog
100108                   S       uwait   0xfffff80004a28700  syz-execprog
100109                   S       uwait   0xfffff80004a28800  syz-execprog
100110                   S       kqread  0xfffff80004b37300  syz-execprog
100111                   S       uwait   0xfffff800047e5180  syz-execprog
100112                   S       uwait   0xfffff800040f3100  syz-execprog
100113                   S       uwait   0xfffff800040f3200  syz-execprog
100114                   S       uwait   0xfffff800040f3300  syz-execprog
100115                   S       uwait   0xfffff800040f3600  syz-execprog
100116                   S       uwait   0xfffff800040f3700  syz-execprog
  765   763   765     0  Ss      pause   0xfffff8001940d5c8  csh
  763   682   763     0  Ss      select  0xfffff80004b647c0  sshd
  742     1   742     0  Ss+     ttyin   0xfffff800045958b0  getty
  741     1   741     0  Ss+     ttyin   0xfffff80004b434b0  getty
  740     1   740     0  Ss+     ttyin   0xfffff80004b43cb0  getty
  739     1   739     0  Ss+     ttyin   0xfffff80004b464b0  getty
  738     1   738     0  Ss+     ttyin   0xfffff80004b46cb0  getty
  737     1   737     0  Ss+     ttyin   0xfffff80004b454b0  getty
  736     1   736     0  Ss+     ttyin   0xfffff80004b45cb0  getty
  735     1   735     0  Ss+     ttyin   0xfffff800047f84b0  getty
  734     1   734     0  Ss+     ttyin   0xfffff800047f8cb0  getty
  732     1    24     0  S+      piperd  0xfffff80004c87000  logger
  731   730    24     0  S+      nanslp  0xffffffff82527441  sleep
  730     1    24     0  S+      wait    0xfffff80004d11a40  sh
  686     1   686     0  Ss      nanslp  0xffffffff82527440  cron
  682     1   682     0  Ss      select  0xfffff80004b63140  sshd
  495     1   495     0  Ss      select  0xfffff80019161ac0  syslogd
  424     1   424     0  Ss      wait    0xfffff80004d0ea40  devd
  423     1   423    65  Ss      select  0xfffff80004b64bc0  dhclient
  338     1   338     0  Ss      select  0xfffff80019161ec0  dhclient
  335     1   335     0  Ss      select  0xfffff80019161f40  dhclient
   23     0     0     0  DL      syncer  0xffffffff826147f8  [syncer]
   22     0     0     0  DL      vlruwt  0xfffff80004ba6520  [vnlru]
   21     0     0     0  DL      (threaded)                  [bufdaemon]
100070                   D       qsleep  0xffffffff826138d0  [bufdaemon]
100077                   D       -       0xffffffff8200ae00  [bufspacedaemon-0]
100087                   D       sdflush 0xfffff80004aea4e8  [/ worker]
   20     0     0     0  DL      psleep  0xffffffff8263adc8  [vmdaemon]
   19     0     0     0  DL      (threaded)                  [pagedaemon]
100068                   D       psleep  0xffffffff8262f1f8  [dom0]
100075                   D       launds  0xffffffff8262f204  [laundry: dom0]
100076                   D       umarcl  0xffffffff814e23e0  [uma]
   18     0     0     0  DL      -       0xffffffff8235af88  [rand_harvestq]
   17     0     0     0  DL      waiting 0xffffffff82d5d1d8  [sctp_iterator]
   16     0     0     0  DL      pftm    0xffffffff82b5b390  [pf purge]
   15     0     0     0  DL      -       0xffffffff82612eac  [soaiod4]
    9     0     0     0  DL      -       0xffffffff82612eac  [soaiod3]
    8     0     0     0  DL      -       0xffffffff82612eac  [soaiod2]
    7     0     0     0  DL      -       0xffffffff82612eac  [soaiod1]
    6     0     0     0  DL      (threaded)                  [cam]
100034                   D       -       0xffffffff82232cc0  [doneq0]
100067                   D       -       0xffffffff82232b90  [scanner]
    5     0     0     0  DL      crypto_ 0xfffff8000422ad90  [crypto returns 1]
    4     0     0     0  DL      crypto_ 0xfffff8000422ad30  [crypto returns 0]
    3     0     0     0  DL      crypto_ 0xffffffff8262c6f0  [crypto]
   14     0     0     0  DL      seqstat 0xfffff800040df488  [sequencer 00]
   13     0     0     0  DL      (threaded)                  [geom]
100025                   D       -       0xffffffff825063b0  [g_event]
100026                   D       -       0xffffffff825063b8  [g_up]
100027                   D       -       0xffffffff825063c0  [g_down]
    2     0     0     0  DL      (threaded)                  [KTLS]
100018                   D       -       0xfffff800040f7600  [thr_0]
100019                   D       -       0xfffff800040f7680  [thr_1]
   12     0     0     0  WL      (threaded)                  [intr]
100011                   I                                   [swi6: Giant taskq]
100013                   I                                   [swi5: fast taskq]
100017                   I                                   [swi6: task queue]
100020                   I                                   [swi1: netisr 0]
100021                   I                                   [swi4: clock (0)]
100022                   I                                   [swi4: clock (1)]
100023                   I                                   [swi3: vm]
100035                   I                                   [irq24: virtio_pci0]
100036                   I                                   [irq25: virtio_pci0]
100037                   I                                   [irq26: virtio_pci0]
100038                   I                                   [irq27: virtio_pci0]
100039                   I                                   [irq28: virtio_pci1]
100040                   I                                   [irq29: virtio_pci1]
100041                   I                                   [irq30: virtio_pci1]
100042                   I                                   [irq31: virtio_pci1]
100043                   I                                   [irq32: virtio_pci1]
100048                   I                                   [irq10: virtio_pci2]
100050                   I                                   [irq1: atkbd0]
100051                   I                                   [irq12: psm0]
100052                   I                                   [swi0: uart uart++]
100060                   I                                   [swi1: pf send]
100073                   I                                   [swi1: hpts]
100074                   I                                   [swi1: hpts]
   11     0     0     0  RL      (threaded)                  [idle]
100003                   CanRun                              [idle: cpu0]
100004                   CanRun                              [idle: cpu1]
    1     0     1     0  SLs     wait    0xfffff8000431f000  [init]
   10     0     0     0  DL      audit_w 0xffffffff8262cc10  [audit]
    0     0     0     0  DLs     (threaded)                  [kernel]
100000                   D       swapin  0xffffffff82506950  [swapper]
100005                   D       -       0xfffff8000433c700  [if_io_tqg_0]
100006                   D       -       0xfffff8000433c600  [if_io_tqg_1]
100007                   D       -       0xfffff8000433c500  [if_config_tqg_0]
100008                   D       -       0xfffff8000433c400  [softirq_0]
100009                   D       -       0xfffff8000433c300  [softirq_1]
100010                   D       -       0xfffff800040f7e00  [inm_free taskq]
100012                   D       -       0xfffff800040f7c00  [thread taskq]
100014                   D       -       0xfffff800040f7a00  [kqueue_ctx taskq]
100015                   D       -       0xfffff800040f7900  [in6m_free taskq]
100016                   D       -       0xfffff800040f7800  [aiod_kick taskq]
100024                   D       -       0xfffff800040f7500  [firmware taskq]
100029                   D       -       0xfffff800040f7400  [crypto_0]
100030                   D       -       0xfffff800040f7400  [crypto_1]
100044                   D       -       0xfffff800040f7000  [vtnet0 rxq 0]
100045                   D       -       0xfffff800040f6e00  [vtnet0 txq 0]
100046                   D       -       0xfffff800040f6d00  [vtnet0 rxq 1]
100047                   D       -       0xfffff800040f6c00  [vtnet0 txq 1]
100049                   D       vtbslp  0xfffff8000452f200  [virtio_balloon]
100053                   D       -       0xfffff800040f6b00  [mca taskq]
100058                   D       -       0xffffffff81d10601  [deadlkres]
100062                   D       -       0xfffff800040f6200  [acpi_task_0]
100063                   D       -       0xfffff800040f6200  [acpi_task_1]
100064                   D       -       0xfffff800040f6200  [acpi_task_2]
100066                   D       -       0xfffff800040f7300  [CAM taskq]
db> show all locks
db> show malloc
              Type        InUse        MemUse     Requests
           pf_hash            5        11524K            5
            devbuf         4214         4854K         4239
          tcp_hpts            5         3201K            5
             vtbuf           24         1968K           46
         sysctloid        28170         1644K        28234
          inodedep         2057         1540K         2633
              kobj          336         1344K          496
            newblk          412         1127K         2999
          vfscache            3         1025K            3
               pcb           26          541K        10244
         ufs_quota            1          512K            1
          vfs_hash            1          512K            1
           callout            2          512K            2
            dirrem         2023          506K         2566
              intr            4          472K            4
           subproc          139          269K         3447
          freefile         2023          253K         2560
            acpica         1674          185K        52444
         vnet_data            1          168K            1
           pagedep           20          133K         2569
        tfo_ccache            1          128K            1
          filedesc           18          121K         5144
               sem            4          106K            4
            DEVFS1          105          105K          122
            linker          254           99K          294
         sctp_timw          356           89K          356
               bus          979           79K         3032
          mtx_pool            2           72K            2
          syncache            1           68K            1
          acpitask            1           64K            1
       ddb_capture            1           64K            1
            module          507           64K          507
              umtx          324           41K          324
               BPF           22           36K           22
           kdtrace          181           35K         9936
              temp           35           33K         1805
         hostcache            1           32K            1
               shm            1           32K            1
            DEVFS3          124           31K          134
               msg            4           30K            4
        DEVFS_RULE           56           27K           56
        gtaskqueue           18           26K           18
            ifaddr           73           25K           73
              vmem            3           22K            5
            kbdmux            6           22K            6
           lltable           47           18K           47
         ufs_mount            5           17K            6
              proc            3           17K            3
               tty           16           16K           16
           tidhash            1           16K            1
           ithread           99           16K           99
       ether_multi          172           14K          182
            bus-sc           30           14K         1413
            KTRACE          100           13K          100
             ifnet            7           13K            7
              kenv           92           12K           92
      eventhandler          132           12K          132
         in6_multi           89           11K           89
         pfs_nodes           20           10K           20
              GEOM           60           10K          489
              rman           82           10K          423
         bmsafemap            2            9K         2603
              UART           12            9K           12
           devstat            4            9K            4
               rpc            2            8K            2
             shmfd            1            8K            1
       pfs_vncache            1            8K            1
     audit_evclass          233            8K          291
           CAM DEV            3            6K          510
            kqueue           59            6K         3369
            plimit           22            6K          365
              cred           22            6K          239
                vt           11            6K           11
            sglist            5            6K            5
         CAM queue            5            6K         1528
         taskqueue           48            6K           48
       ufs_dirhash           24            5K           24
          pf_ifnet           10            5K           19
               UMA          251            5K          251
           memdesc            1            4K            1
               MCA           32            4K           32
             evdev            4            4K            4
            diradd           31            4K         2600
          routetbl           24            4K           24
           session           26            4K           37
              pgrp           26            4K           37
             hhook           13            4K           13
         sctp_atcl            6            3K        12690
          terminal           11            3K           11
           acpisem           22            3K           22
         proc-args           47            3K          549
             mkdir           20            3K         5116
          indirdep           10            3K           10
            select           19            3K           19
           uidinfo            3            3K            8
          sctp_ifa           17            3K           19
         sctp_stro            2            2K         5069
        local_apic            1            2K            1
           io_apic            1            2K            1
         newdirblk           16            2K         2558
         ipsec-saq            2            2K            2
             lockf           19            2K           29
          freework            8            2K         2564
            ip6ndp           12            2K           21
            Unitno           35            2K         4278
          freeblks            7            2K         2563
           CAM XPT           22            2K          543
          in_multi            6            2K            8
       ipsecpolicy            2            2K            2
           acpidev           20            2K           20
               msi            9            2K            9
             clone            9            2K            9
               tun            7            2K            7
         sctp_stri            2            1K         5082
           softdep            1            1K            1
            sahead            1            1K            1
          secasvar            1            1K            1
             nhops            6            1K            8
       vnodemarker            2            1K           10
      NFSD session            1            1K            1
        CAM periph            4            1K          271
             ipsec            3            1K            3
          sctp_ifn            6            1K           19
               mld            6            1K            6
              igmp            6            1K            6
         toponodes            6            1K            6
            isadev            6            1K            6
             mount           16            1K           89
          pci_link           10            1K           10
 encap_export_host           12            1K           12
            crypto            3            1K            3
              pfil            4            1K            4
    chacha20random            1            1K            1
           CAM SIM            2            1K            2
              cdev            2            1K            2
            DEVFSP            8            1K            8
         sctp_atky            8            1K        20300
               osd            3            1K            9
            vnodes            1            1K            1
              ktls            1            1K            1
      NFSD lckfile            1            1K            1
     NFSD V4client            1            1K            1
             DEVFS            9            1K           10
            feeder            7            1K            7
       inpcbpolicy            7            1K          170
        loginclass            3            1K            7
            prison            6            1K            6
     CAM dev queue            2            1K            2
 CAM I/O Scheduler            1            1K            1
            apmdev            1            1K            1
          atkbddev            2            1K            2
          CAM path            4            1K         1034
           tcpfunc            2            1K            2
          pmchooks            1            1K            1
          filecaps            5            1K           69
            soname            4            1K        13234
         sctp_athm            6            1K        15231
          nexusdev            5            1K            5
          sctp_vrf            1            1K            1
          sctp_map            4            1K        10138
           entropy            2            1K           42
              vnet            1            1K            1
               pmc            1            1K            1
          acpiintr            1            1K            1
              cpus            2            1K            2
    vnet_data_free            1            1K            1
           Per-cpu            1            1K            1
               iov            1            1K        23556
          p1003.1b            1            1K            1
        sctp_mcore            0            0K            0
        sctp_socko            0            0K         5073
         sctp_iter            0            0K            7
         sctp_mvrf            0            0K            0
         sctp_cpal            0            0K            0
         sctp_cmsg            0            0K            0
         sctp_stre            0            0K            0
         sctp_athi            0            0K            0
         sctp_a_it            0            0K            7
         sctp_aadr            0            0K            0
          pf_table            0            0K            0
           pf_rule            0            0K            0
           pf_altq            0            0K            0
           pf_osfp            0            0K            0
           pf_temp            0            0K            0
            nvlist            0            0K            0
          SCSI ENC            0            0K            0
           SCSI sa            0            0K            0
        madt_table            0            0K            2
         scsi_pass            0            0K            0
         ciss_data            0            0K            0
          smartpqi            0            0K            0
            pvscsi            0            0K            0
           ath_hal            0            0K            0
            athdev            0            0K            0
           ata_pci            0            0K            0
           ata_dma            0            0K            0
       ata_generic            0            0K            0
               amr            0            0K            0
           scsi_da            0            0K           69
              iavf            0            0K            0
               ixl            0            0K            0
            ata_da            0            0K            0
           scsi_ch            0            0K            0
           scsi_cd            0            0K            0
            USBdev            0            0K            0
               USB            0            0K            0
       AHCI driver            0            0K            0
        ice-resmgr            0            0K            0
         ice-osdep            0            0K            0
               ice            0            0K            0
             axgbe            0            0K            0
       fpukern_ctx            0            0K            0
               agp            0            0K            0
          xen_intr            0            0K            0
           xen_hvm            0            0K            0
         legacydrv            0            0K            0
            qpidrv            0            0K            0
           nvme_da            0            0K            0
      dmar_idpgtbl            0            0K            0
          dmar_dom            0            0K            0
          dmar_ctx            0            0K            0
           acpipwr            0            0K            0
            twsbuf            0            0K            0
      twe_commands            0            0K            0
              isci            0            0K            0
      iommu_dmamap            0            0K            0
      twa_commands            0            0K            0
     hyperv_socket            0            0K            0
           bxe_ilt            0            0K            0
            xenbus            0            0K            0
       tcp_log_dev            0            0K            0
      midi buffers            0            0K            0
             mixer            0            0K            0
     vm_fictitious            0            0K            0
              ac97            0            0K            0
             hdacc            0            0K            0
              hdac            0            0K            0
              hdaa            0            0K            0
         acpi_perf            0            0K            0
         acpicmbat            0            0K            0
       SIIS driver            0            0K            0
           CAM CCB            0            0K         1881
           UMAHash            0            0K            0
         vm_pgdata            0            0K            0
           jblocks            0            0K            0
          savedino            0            0K          507
          sentinel            0            0K            0
            jfsync            0            0K            0
            jtrunc            0            0K            0
             sbdep            0            0K            3
           jsegdep            0            0K            0
              jseg            0            0K            0
         jfreefrag            0            0K            0
          jfreeblk            0            0K            0
           jnewblk            0            0K            0
            jmvref            0            0K            0
           jremref            0            0K            0
           jaddref            0            0K            0
           freedep            0            0K            0
          freefrag            0            0K            6
        allocindir            0            0K            0
       allocdirect            0            0K            0
          ufs_trim            0            0K            0
           mactemp            0            0K            0
     audit_trigger            0            0K            0
 audit_pipe_presel            0            0K            0
     audit_pipeent            0            0K            0
        audit_pipe            0            0K            0
      audit_evname            0            0K            0
         audit_bsm            0            0K            0
      audit_gidset            0            0K            0
        audit_text            0            0K            0
        audit_path            0            0K            0
        audit_data            0            0K            0
        audit_cred            0            0K            0
             xform            0            0K            0
               NLM            0            0K            0
    ipsec-spdcache            0            0K            0
         ipsec-reg            0            0K            0
        ipsec-misc            0            0K            0
      ipsecrequest            0            0K            0
            ip6opt            0            0K            3
       ip6_msource            0            0K            0
      ip6_moptions            0            0K            0
       in6_mfilter            0            0K            0
             frag6            0            0K            0
            tcplog            0            0K            0
               PUC            0            0K            0
               LRO            0            0K            0
      newreno data            0            0K            0
        ip_msource            0            0K            0
       ip_moptions            0            0K            0
        in_mfilter            0            0K            0
              ipid            0            0K            0
         80211scan            0            0K            0
      80211ratectl            0            0K            0
        80211power            0            0K            0
       80211nodeie            0            0K            0
         80211node            0            0K            0
      80211mesh_gt            0            0K            0
      80211mesh_rt            0            0K            0
         80211perr            0            0K            0
         80211prep            0            0K            0
         80211preq            0            0K            0
          80211dfs            0            0K            0
       80211crypto            0            0K            0
          80211vap            0            0K            0
             iflib            0            0K            0
              vlan            0            0K            0
               gif            0            0K            0
           ifdescr            0            0K            0
              zlib            0            0K            0
           fadvise            0            0K            0
          ppbusdev            0            0K            0
            statfs            0            0K         2733
       export_host            0            0K            0
        cl_savebuf            0            0K            2
agtiapi_MemAlloc malloc            0            0K            0
    osti_cacheable            0            0K            0
          tempbuff            0            0K            0
          tempbuff            0            0K            0
ag_tgt_map_t malloc            0            0K            0
ag_slr_map_t malloc            0            0K            0
lDevFlags * malloc            0            0K            0
tiDeviceHandle_t * malloc            0            0K            0
ag_portal_data_t malloc            0            0K            0
ag_device_t malloc            0            0K            0
     STLock malloc            0            0K            0
          CCB List            0            0K            0
            sr_iov            0            0K            0
               OCS            0            0K            0
               OCS            0            0K            0
              nvme            0            0K            0
               nvd            0            0K            0
            netmap            0            0K            0
            mwldev            0            0K            0
        MVS driver            0            0K            0
            biobuf            0            0K            0
              aios            0            0K            0
               lio            0            0K            0
               acl            0            0K            0
          mbuf_tag            0            0K          113
              accf            0            0K            0
               pts            0            0K            0
          ioctlops            0            0K           99
           Witness            0            0K            0
             stack            0            0K            0
     CAM ccb queue            0            0K            0
          mrsasbuf            0            0K            0
          mpt_user            0            0K            0
          mps_user            0            0K            0
            MPSSAS            0            0K            0
              sbuf            0            0K          288
               mps            0            0K            0
          firmware            0            0K            0
        compressor            0            0K            0
          mpr_user            0            0K            0
              SWAP            0            0K            0
            MPRSAS            0            0K            0
               mpr            0            0K            0
         sysctltmp            0            0K          618
            sysctl            0            0K            1
            mfibuf            0            0K            0
              ekcd            0            0K            0
            dumper            0            0K            0
          sendfile            0            0K            0
              rctl            0            0K            0
        md_sectors            0            0K            0
           md_disk            0            0K            0
           malodev            0            0K            0
               LED            0            0K            0
             cache            0            0K            0
          ix_sriov            0            0K            0
          kcovinfo            0            0K            0
      prison_racct            0            0K            0
       Fail Points            0            0K            0
             sigio            0            0K            1
filedesc_to_leader            0            0K            0
               pwd            0            0K            0
       tty console            0            0K            0
        aacraidcam            0            0K            0
                ix            0            0K            0
            ipsbuf            0            0K            0
            iirbuf            0            0K            0
       aacraid_buf            0            0K            0
            aaccam            0            0K            0
        isofs_node            0            0K            0
       isofs_mount            0            0K            0
     tr_raid5_data            0            0K            0
    tr_raid1e_data            0            0K            0
     tr_raid1_data            0            0K            0
     tr_raid0_data            0            0K            0
    tr_concat_data            0            0K            0
       md_sii_data            0            0K            0
   md_promise_data            0            0K            0
    md_nvidia_data            0            0K            0
   md_jmicron_data            0            0K            0
     md_intel_data            0            0K            0
       md_ddf_data            0            0K            0
         raid_data            0            0K           72
     geom_flashmap            0            0K            0
        tmpfs name            0            0K            0
       tmpfs mount            0            0K            0
           NFS FHA            0            0K            0
         newnfsmnt            0            0K            0
  newnfsclient_req            0            0K            0
   NFSCL layrecall            0            0K            0
     NFSCL session            0            0K            0
     NFSCL sockreq            0            0K            0
     NFSCL devinfo            0            0K            0
     NFSCL flayout            0            0K            0
      NFSCL layout            0            0K            0
     NFSD rollback            0            0K            0
NFSCL diroffdiroff            0            0K            0
       NEWdirectio            0            0K            0
        NEWNFSnode            0            0K            0
         NFSCL lck            0            0K            0
      NFSCL lckown            0            0K            0
      NFSCL client            0            0K            0
       NFSCL deleg            0            0K            0
        NFSCL open            0            0K            0
       NFSCL owner            0            0K            0
            NFS fh            0            0K            0
           NFS req            0            0K            0
     NFSD usrgroup            0            0K            0
       NFSD string            0            0K            0
       NFSD V4lock            0            0K            0
      NFSD V4state            0            0K            0
     NFSD srvcache            0            0K            0
       msdosfs_fat            0            0K            0
     msdosfs_mount            0            0K            0
      msdosfs_node            0            0K            0
            DEVFS4            0            0K            0
            DEVFS2            0            0K            0
            gntdev            0            0K            0
       privcmd_dev            0            0K            0
        evtchn_dev            0            0K            0
          xenstore            0            0K            0
            aacbuf            0            0K            0
               xnb            0            0K            0
              xbbd            0            0K            0
               xbd            0            0K            0
           Balloon            0            0K            0
          sysmouse            0            0K            0
            vtfont            0            0K            0
              zstd            0            0K            0
db> show uma
              Zone   Size    Used    Free    Requests  Sleeps  Bucket  Total Mem    XFree
      mbuf_cluster   2048    9526     126        9526       0     254   19767296        0
       mbuf_packet    256    8194    1204       38449       0     254    2405888        0
               512    512    4152      48        4153       0      30    2150400        0
          BUF TRIE    144     172   13296         511       0      62    1939392        0
              4096   4096     358       2         978       0       2    1474560        0
               128    128    9339     116       12235       0     126    1210240        0
         sctp_asoc   2288       2     508        5069       0     254    1166880        0
               512    512    2140      20        2834       0      30    1105920        0
   mbuf_jumbo_page   4096       0     254          10       0     254    1040384        0
              pbuf    832       0     969           0       0       2     806208        0
       UMA Slabs 0    112    6834       0        6834       0     126     765408        0
           sctp_ep   1280       2     508        5080       0     254     652800        0
               256    256    2215      80        2802       0      62     587520        0
            socket    960      22     486        6344       0     254     487680        0
             65536  65536       6       0           6       0       1     393216        0
        sctp_raddr    736       2     515        5069       0     254     380512        0
        RADIX NODE    144    2412     217       90145       0      62     378576        0
               128    128    2616      50        3865       0     126     341248        0
        256 Bucket   2048     149      11         398       0       8     327680        0
             VNODE    496     543      89        3105       0      30     313472        0
         VM OBJECT    264    1064      76       49709       0      30     300960        0
            THREAD   1792     144      18        3283       0       8     290304        0
             tcpcb   1040       3     261           7       0     254     274560        0
              mbuf    256     464     563      101403       0     254     262912        0
              4096   4096      57       5        3367       0       2     253952        0
         udp_inpcb    488       2     510         158       0     254     249856        0
             16384  16384       9       6        2572       0       1     245760        0
               256    256     413     517        3507       0      62     238080        0
                64     64    2834     505       19607       0     254     213696        0
            DEVCTL   1024      10     198         125       0       0     212992        0
                16     16   11838     662       37717       0     254     200000        0
             65536  65536       1       2          66       0       1     196608        0
             65536  65536       2       1          10       0       1     196608        0
               128    128    1370     149       24959       0     126     194432        0
         UMA Zones    768     226       1         226       0      16     174336        0
              1024   1024     137      23         155       0      16     163840        0
                32     32    4438     476       15361       0     254     157248        0
       S VFS Cache    104     985     419        3599       0     126     146016        0
       FFS2 dinode    256     509      61        3069       0      62     145920        0
               256    256     488      82        7601       0      62     145920        0
         MAP ENTRY     96    1114     398       90757       0     126     145152        0
             unpcb    256      11     499        1068       0     254     130560        0
             ripcb    488       2     254           5       0     254     124928        0
         tcp_inpcb    488       3     253           7       0     254     124928        0
          ksiginfo    112      62     982          95       0     126     116928        0
         vmem btag     56    1885     191        1885       0     254     116256        0
              2048   2048       9      47        1891       0       8     114688        0
           VMSPACE   2536      34      11        3343       0       4     114120        0
         FFS inode    160     509     191        3069       0      62     112000        0
              PROC   1312      56      25        3364       0       8     106272        0
         filedesc0   1080      56      28        3365       0       8      90720        0
             g_bio    408       0     210        5175       0      30      85680        0
        128 Bucket   1024      45      38         277       0      16      84992        0
          UMA Kegs    384     212       4         212       0      30      82944        0
        sctp_readq    152       1     519        2540       0     254      79040        0
        sctp_chunk    152       3     517        5081       0     254      79040        0
                64     64     680     391       19873       0     254      68544        0
               128    128     414     113        8098       0     126      67456        0
               128    128     322     205         402       0     126      67456        0
             65536  65536       0       1         110       0       1      65536        0
             16384  16384       3       1           6       0       1      65536        0
              8192   8192       7       1           9       0       1      65536        0
sctp_stream_msg_out    112       2     538        2561       0     254      60480        0
              4096   4096      13       1          14       0       2      57344        0
         64 Bucket    512      74      30        2190       0      30      53248        0
               256    256      66     129        2800       0      62      49920        0
               256    256     105      90         433       0      62      49920        0
               256    256      30     165        5469       0      62      49920        0
         32 Bucket    256      43     152         727       0      62      49920        0
           DIRHASH   1024      34      14          34       0      16      49152        0
             NAMEI   1024       0      48       22828       0      16      49152        0
              2048   2048       5      19         514       0       8      49152        0
              2048   2048       3      21        5337       0       8      49152        0
              1024   1024       6      42        5093       0      16      49152        0
               512    512      63      33          63       0      30      49152        0
               512    512      12      84       18312       0      30      49152        0
          syncache    168       0     264           5       0     254      44352        0
              8192   8192       2       3          30       0       1      40960        0
            clpbuf    832       0      48         101       0      16      39936        0
              pipe    760      21      29         307       0      16      38000        0
           64 pcpu      8    4155     453        4159       0     254      36864        0
             selfd     64      40     527        4019       0     254      36288        0
                64     64      14     553          35       0     254      36288        0
                64     64      13     554          13       0     254      36288        0
                64     64      57     510         119       0     254      36288        0
                64     64     227     340         260       0     254      36288        0
                64     64     448     119         634       0     254      36288        0
                64     64      34     533         354       0     254      36288        0
               128    128      51     228         111       0     126      35712        0
               128    128      24     255        2571       0     126      35712        0
               128    128       8     271         345       0     126      35712        0
     routing nhops    256      28     107          39       0      62      34560        0
           ttyoutq    256      72      63         160       0      62      34560        0
               256    256      52      83         182       0      62      34560        0
               256    256      62      73        8250       0      62      34560        0
         TURNSTILE    136     163      89         163       0      62      34272        0
        SLEEPQUEUE     88     163     221         163       0     126      33792        0
             32768  32768       1       0           1       0       1      32768        0
             32768  32768       1       0           1       0       1      32768        0
             32768  32768       0       1         112       0       1      32768        0
             32768  32768       1       0           1       0       1      32768        0
             16384  16384       2       0           2       0       1      32768        0
              8192   8192       4       0           4       0       1      32768        0
              4096   4096       4       4        2737       0       2      32768        0
              2048   2048       1      15          13       0       8      32768        0
              2048   2048       7       9           7       0       8      32768        0
              2048   2048       3      13         194       0       8      32768        0
              1024   1024       4      28        1019       0      16      32768        0
               512    512       2      62           3       0      30      32768        0
               512    512       8      56         327       0      30      32768        0
               512    512      27      37          28       0      30      32768        0
               512    512      28      36          29       0      30      32768        0
     mt_stats_zone     64     446      66         446       0     254      32768        0
         16 Bucket    144      43     181        4860       0      62      32256        0
            ttyinq    160     135      65         300       0      62      32000        0
             Files     80     127     273       14629       0     126      32000        0
            cpuset    104       7     272           7       0     126      29016        0
        sctp_laddr     48       2     586        2557       0     254      28224        0
         hostcache     96       1     293           1       0     254      28224        0
               PWD     32      17     865        2648       0     254      28224        0
          4 Bucket     48       7     581       10365       0     254      28224        0
        KMAP ENTRY     96      12     279          12       0     126      27936        0
              8192   8192       2       1          91       0       1      24576        0
              8192   8192       3       0           3       0       1      24576        0
           rtentry    176      35     103          39       0      62      24288        0
          rl_entry     40      41     565          41       0     254      24240        0
          8 Bucket     80      53     247        8703       0     126      24000        0
       Mountpoints   2816       2       6           2       0       4      22528        0
             udpcb     32       2     628         158       0     254      20160        0
                32     32      39     591        5456       0     254      20160        0
                32     32      54     576        2713       0     254      20160        0
                32     32     161     469        2935       0     254      20160        0
                32     32      59     571         235       0     254      20160        0
          2 Bucket     32      51     579       13421       0     254      20160        0
             KNOTE    160      26      99       14840       0      62      20000        0
          procdesc    136       2     143           8       0      62      19720        0
 epoch_record pcpu    256       4      60           4       0      62      16384        0
             16384  16384       0       1         136       0       1      16384        0
              4096   4096       2       2           5       0       2      16384        0
              4096   4096       3       1           3       0       2      16384        0
              2048   2048       6       2           6       0       8      16384        0
              2048   2048       0       8          32       0       8      16384        0
              1024   1024       2      14          42       0      16      16384        0
              1024   1024      10       6         143       0      16      16384        0
              1024   1024       3      13           3       0      16      16384        0
              1024   1024       6      10           6       0      16      16384        0
      vtnet_tx_hdr     24       0     668        1042       0     254      16032        0
           mt_zone     24     446     222         446       0     254      16032        0
              kenv    258       3      57        1000       0      30      15480        0
     FPU_save_area    832       1      17           1       0      16      14976        0
              vmem   1856       1       7           1       0       8      14848        0
                32     32     238     140         317       0     254      12096        0
                32     32      77     301          77       0     254      12096        0
                32     32      33     345         660       0     254      12096        0
                16     16      11     739          45       0     254      12000        0
                16     16     281     469         481       0     254      12000        0
                16     16      36     714       15276       0     254      12000        0
                16     16      35     715       28810       0     254      12000        0
                16     16      19     731          25       0     254      12000        0
              8192   8192       1       0           1       0       1       8192        0
              8192   8192       1       0           1       0       1       8192        0
              4096   4096       0       2           3       0       2       8192        0
           SMR CPU     32       2     253           2       0     254       8160        0
                16     16      18     482          19       0     254       8000        0
                16     16     187     313        1236       0     254       8000        0
        SMR SHARED     24       2     253           2       0     254       6120        0
       UMA Slabs 1    176       9      13           9       0      62       3872        0
          int pcpu      4      34     478          34       0     254       2048        0
       FFS1 dinode    128       0       0           0       0     126          0        0
             swblk    136       0       0           0       0      62          0        0
          swpctrie    144       0       0           0       0      62          0        0
   sctp_asconf_ack     48       0       0           0       0     254          0        0
       sctp_asconf     40       0       0           0       0     254          0        0
   pf state scrubs     40       0       0           0       0     254          0        0
   pf frag entries     40       0       0           0       0     254          0        0
          pf frags    248       0       0           0       0      62          0        0
  pf table entries    160       0       0           0       0      62          0        0
pf table entry counters     64       0       0           0       0     254          0        0
   pf source nodes    136       0       0           0       0     254          0        0
     pf state keys     88       0       0           0       0     126          0        0
         pf states    296       0       0           0       0     254          0        0
           pf tags    104       0       0           0       0     126          0        0
          pf mtags     48       0       0           0       0     254          0        0
       tcp_bbr_pcb    832       0       0           0       0      16          0        0
       tcp_bbr_map    128       0       0           0       0     126          0        0
     udplite_inpcb    488       0       0           0       0     254          0        0
      tcp_log_node    120       0       0           0       0     126          0        0
    tcp_log_bucket    176       0       0           0       0      62          0        0
           tcp_log    416       0       0           0       0     254          0        0
          tcpreass     48       0       0           0       0     254          0        0
tfo_ccache_entries     80       0       0           0       0     126          0        0
               tfo      4       0       0           0       0     254          0        0
          sackhole     32       0       0           0       0     254          0        0
             tcptw     88       0       0           0       0     254          0        0
               ipq     56       0       0           0       0     254          0        0
    IPsec SA lft_c     16       0       0           0       0     254          0        0
            itimer    352       0       0           0       0      30          0        0
            AIOLIO    280       0       0           0       0      30          0        0
             AIOCB    752       0       0           0       0      16          0        0
              AIOP     32       0       0           0       0     254          0        0
               AIO    208       0       0           0       0      62          0        0
        TMPFS node    232       0       0           0       0      62          0        0
      TMPFS dirent     64       0       0           0       0     254          0        0
           NCLNODE    592       0       0           0       0      16          0        0
             rentr     24       0       0           0       0     254          0        0
     LTS VFS Cache    360       0       0           0       0      30          0        0
       L VFS Cache    320       0       0           0       0      30          0        0
     STS VFS Cache    144       0       0           0       0      62          0        0
         VNODEPOLL    120       0       0           0       0     126          0        0
    crypto_session     72       0       0           0       0     126          0        0
           cryptop    280       0       0           0       0      30          0        0
      nvme_request    128       0       0           0       0     126          0        0
   IOMMU_MAP_ENTRY    120       0       0           0       0     126          0        0
      ktls_session    192       0       0           0       0      62          0        0
    mbuf_jumbo_16k  16384       0       0           0       0     254          0        0
     mbuf_jumbo_9k   9216       0       0           0       0     254          0        0
      audit_record   1280       0       0           0       0       8          0        0
         domainset     40       0       0           0       0     254          0        0
        MAC labels     40       0       0           0       0     254          0        0
            vnpbuf    832       0       0           0       0      62          0        0
            mdpbuf    832       0       0           0       0       4          0        0
           nfspbuf    832       0       0           0       0      16          0        0
            swwbuf    832       0       0           0       0       8          0        0
            swrbuf    832       0       0           0       0      16          0        0
          umtx_shm     88       0       0           0       0     126          0        0
           umtx pi     96       0       0           0       0     126          0        0
rangeset pctrie nodes    144       0       0           0       0      62          0        0
             65536  65536       0       0           0       0       1          0        0
             65536  65536       0       0           0       0       1          0        0
             65536  65536       0       0           0       0       1          0        0
             65536  65536       0       0           0       0       1          0        0
             32768  32768       0       0           0       0       1          0        0
             32768  32768       0       0           0       0       1          0        0
             32768  32768       0       0           0       0       1          0        0
             32768  32768       0       0           0       0       1          0        0
             16384  16384       0       0           0       0       1          0        0
             16384  16384       0       0           0       0       1          0        0
             16384  16384       0       0           0       0       1          0        0
             16384  16384       0       0           0       0       1          0        0
              8192   8192       0       0           0       0       1          0        0
              4096   4096       0       0           0       0       2          0        0
              1024   1024       0       0           0       0      16          0        0
            fakepg    104       0       0           0       0     126          0        0
          UMA Hash    256       0       0           0       0      62          0        0
db> 

Crashes (475):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2020/10/18 05:46 freebsd f0fd1b9d7d64 fea47c01 console log report syz
ci-freebsd-main 2020/10/06 12:08 freebsd 47705ebc6957 1880b4a9 console log report syz
ci-freebsd-main 2020/07/07 08:10 freebsd ea635969e425 695ef2dd console log report syz
ci-freebsd-main 2020/06/27 09:08 freebsd 5b7af651f9eb ffec44b5 console log report syz
ci-freebsd-main 2020/06/13 18:24 freebsd 430cfd638e7d dbce178a console log report syz
ci-freebsd-main 2020/06/05 16:30 freebsd 3be8dc9e048f 2420d1bc console log report syz
ci-freebsd-main 2020/05/18 01:34 freebsd b8c57b4bc0a7 37bccd4e console log report syz
ci-freebsd-main 2020/05/07 01:15 freebsd 2379f277ff14 4618eb2d console log report syz
ci-freebsd-i386 2020/10/06 12:34 freebsd 781a8746c25e 1880b4a9 console log report syz
ci-freebsd-i386 2020/07/07 07:20 freebsd ea635969e425 695ef2dd console log report syz
ci-freebsd-i386 2020/06/27 08:38 freebsd 5b7af651f9eb ffec44b5 console log report syz
ci-freebsd-i386 2020/06/20 07:45 freebsd 6328f17203f7 c655ec77 console log report syz
ci-freebsd-i386 2020/06/18 16:50 freebsd c8392f60819a 3ea11d3f console log report syz
ci-freebsd-i386 2020/06/15 16:27 freebsd ad49a04033c5 8e3ab941 console log report syz
ci-freebsd-i386 2020/06/14 21:19 freebsd 405e9d0fd06c 2a22c77a console log report syz
ci-freebsd-i386 2020/06/14 01:27 freebsd 430cfd638e7d dbce178a console log report syz
ci-freebsd-main 2021/01/04 17:07 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2021/01/04 11:49 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2021/01/03 06:38 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2021/01/02 15:53 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2021/01/02 12:07 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2021/01/02 04:04 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2020/12/31 16:54 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-main 2020/12/29 05:43 freebsd 9e4440ca5ba7 8259d56c console log report
ci-freebsd-main 2020/12/27 02:45 freebsd 9e4440ca5ba7 821e0b09 console log report
ci-freebsd-main 2020/12/26 22:40 freebsd 9e4440ca5ba7 821e0b09 console log report
ci-freebsd-main 2020/12/26 21:34 freebsd 9e4440ca5ba7 821e0b09 console log report
ci-freebsd-main 2020/12/26 04:30 freebsd 9e4440ca5ba7 821e0b09 console log report
ci-freebsd-main 2020/12/25 16:03 freebsd 9e4440ca5ba7 f8f67d67 console log report
ci-freebsd-main 2020/12/25 09:10 freebsd 9e4440ca5ba7 c2c1d1dd console log report
ci-freebsd-main 2020/12/24 10:11 freebsd 9e4440ca5ba7 c2c1d1dd console log report
ci-freebsd-main 2020/12/24 01:12 freebsd 9e4440ca5ba7 c2c1d1dd console log report
ci-freebsd-main 2020/12/23 10:01 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-main 2020/12/22 10:05 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-main 2020/12/22 00:20 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-main 2020/12/21 18:55 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-main 2020/12/21 14:26 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-main 2020/12/19 00:24 freebsd b5356223336d 04201c06 console log report
ci-freebsd-main 2020/12/18 23:10 freebsd b5356223336d 04201c06 console log report
ci-freebsd-main 2020/12/15 09:45 freebsd 049df6297504 b22a7ec3 console log report
ci-freebsd-main 2020/12/14 02:59 freebsd e8057a638eef 8f160dd5 console log report
ci-freebsd-main 2020/12/12 23:52 freebsd 2aa5fca1f724 bca53db9 console log report
ci-freebsd-main 2020/12/12 03:40 freebsd 733c1b77359b bca53db9 console log report
ci-freebsd-main 2020/12/11 16:43 freebsd 519a1a7fed29 ba24ffcd console log report
ci-freebsd-main 2020/12/11 11:49 freebsd 519a1a7fed29 ba24ffcd console log report
ci-freebsd-main 2020/12/11 03:25 freebsd 2368600a0630 2a55c22b console log report
ci-freebsd-i386 2021/01/05 10:34 freebsd de1aa3dab23c a0234d98 console log report
ci-freebsd-i386 2021/01/03 13:08 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-i386 2021/01/03 09:56 freebsd de1aa3dab23c 79264ae3 console log report
ci-freebsd-i386 2020/12/31 08:16 freebsd de1aa3dab23c 5cc121d6 console log report
ci-freebsd-i386 2020/12/30 13:53 freebsd de1aa3dab23c ecb8c012 console log report
ci-freebsd-i386 2020/12/28 15:02 freebsd 9e4440ca5ba7 8259d56c console log report
ci-freebsd-i386 2020/12/26 08:23 freebsd 9e4440ca5ba7 821e0b09 console log report
ci-freebsd-i386 2020/12/25 01:36 freebsd 9e4440ca5ba7 c2c1d1dd console log report
ci-freebsd-i386 2020/12/23 15:04 freebsd 9e4440ca5ba7 c2c1d1dd console log report
ci-freebsd-i386 2020/12/22 19:26 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-i386 2020/12/22 05:24 freebsd 9e4440ca5ba7 04201c06 console log report
ci-freebsd-i386 2020/12/19 16:10 freebsd e0bc4f1ac719 04201c06 console log report
ci-freebsd-i386 2020/12/19 03:08 freebsd ae337aedf062 04201c06 console log report
ci-freebsd-i386 2020/12/18 08:54 freebsd 11e6e1847836 04201c06 console log report
ci-freebsd-i386 2020/12/17 23:49 freebsd 11e6e1847836 04201c06 console log report
ci-freebsd-i386 2020/12/16 09:43 freebsd 12b9bdd9268e 649595c6 console log report
* Struck through repros no longer work on HEAD.