syzbot


Fatal trap 9: general protection fault in mb_free_ext

Status: fixed on 2021/05/12 09:03
Reported-by: syzbot+5cfb0e8cea5597ba0524@syzkaller.appspotmail.com
Fix commit: 1a04f0156c4e cryptodev: Fix some input validation bugs
First crash: 636d, last: 636d

Sample crash report:
Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer	= 0x20:0xffffffff8107d51d
stack pointer	        = 0x28:0xfffffe0051696440
frame pointer	        = 0x28:0xfffffe0051696470
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (irq31: virtio_pci1)
trap number		= 9
panic: general protection fault
cpuid = 0
time = 25
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0051696110
vpanic() at vpanic+0x1c7/frame 0xfffffe0051696170
panic() at panic+0x43/frame 0xfffffe00516961d0
trap_fatal() at trap_fatal+0x4cd/frame 0xfffffe0051696250
trap() at trap+0xf7/frame 0xfffffe0051696370
calltrap() at calltrap+0x8/frame 0xfffffe0051696370
--- trap 0x9, rip = 0xffffffff8107d51d, rsp = 0xfffffe0051696440, rbp = 0xfffffe0051696470 ---
mb_free_ext() at mb_free_ext+0xcd/frame 0xfffffe0051696470
m_free() at m_free+0x1be/frame 0xfffffe00516964b0
m_freem() at m_freem+0x38/frame 0xfffffe00516964d0
tcp_do_segment() at tcp_do_segment+0x5e19/frame 0xfffffe00516965d0
tcp_input_with_port() at tcp_input_with_port+0x13d5/frame 0xfffffe0051696730
tcp_input() at tcp_input+0x1f/frame 0xfffffe0051696750
ip_input() at ip_input+0x388/frame 0xfffffe00516967f0
netisr_dispatch_src() at netisr_dispatch_src+0x107/frame 0xfffffe0051696850
ether_demux() at ether_demux+0x288/frame 0xfffffe00516968a0
ether_nh_input() at ether_nh_input+0x7b0/frame 0xfffffe0051696920
netisr_dispatch_src() at netisr_dispatch_src+0x107/frame 0xfffffe0051696980
ether_input() at ether_input+0xce/frame 0xfffffe00516969f0
vtnet_rxq_eof() at vtnet_rxq_eof+0xf4d/frame 0xfffffe0051696ad0
vtnet_rx_vq_process() at vtnet_rx_vq_process+0xe1/frame 0xfffffe0051696b10
ithread_loop() at ithread_loop+0x33f/frame 0xfffffe0051696bb0
fork_exit() at fork_exit+0xb3/frame 0xfffffe0051696bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0051696bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100053 ]
Stopped at      kdb_enter+0x67: movq    $0,0x163a53e(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xffffffff81137c20  vprintf+0x140
rdx                        0x1
rbx                          0
rsp         0xfffffe00516960f0
rbp         0xfffffe0051696110
rsi                          0
rdi         0xffffffff81137c56  vprintf+0x176
r8                           0
r9          0x8080808080808080
r10         0xfffffe0051695fe0
r11              0x1ffaefff59c
r12         0xffffffff82267ac0  ddb_dbbe
r13                          0
r14         0xffffffff81a73d06
r15         0xffffffff81a73d06
rip         0xffffffff8112ec47  kdb_enter+0x67
rflags                    0x86
kdb_enter+0x67: movq    $0,0x163a53e(%rip)
db> show proc
Process 12 (intr) at 0xfffff80004579a70:
 state: NORMAL
 uid: 0  gids: 0
 parent: pid 0 at 0xffffffff8271c6b0
 ABI: null
 flag: 0x10000284  flag2: 0
 reaper: 0xffffffff8271c6b0 reapsubtree: 12
 sigparent: 20
 vmspace: 0xffffffff8271d330
   (map 0xffffffff8271d330)
   (map.pmap 0xffffffff8271d3f0)
   (pmap 0xffffffff8271d450)
 threads: 23
100011                   I                                   [swi6: task queue]
100013                   I                                   [swi6: Giant taskq]
100018                   I                                   [swi5: fast taskq]
100030                   I                                   [swi4: clock (0)]
100031                   I                                   [swi4: clock (1)]
100032                   I                                   [swi1: netisr 0]
100033                   I                                   [swi3: vm]
100046                   I                                   [irq24: virtio_pci0]
100047                   I                                   [irq25: virtio_pci0]
100048                   I                                   [irq26: virtio_pci0]
100049                   I                                   [irq27: virtio_pci0]
100050                   I                                   [irq28: virtio_pci1]
100051                   I                                   [irq29: virtio_pci1]
100052                   I                                   [irq30: virtio_pci1]
100053                   Run     CPU 0                       [irq31: virtio_pci1]
100054                   I                                   [irq32: virtio_pci1]
100059                   I                                   [irq10: virtio_pci2]
100061                   I                                   [irq1: atkbd0]
100062                   I                                   [irq12: psm0]
100063                   I                                   [swi0: uart uart++]
100071                   I                                   [swi1: pf send]
100084                   I                                   [swi1: hpts]
100085                   I                                   [swi1: hpts]
db> ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
20731   787   787     0  R       (threaded)                  syz-executor.3
340248                   RunQ                                syz-executor.3
340536                   S       uwait   0xfffff80030500500  syz-executor.3
11025 11016 11025     0  Ss      select  0xfffff80030d42a40  dhclient
11020     1 11020     0  Ss      select  0xfffff80030d42d40  dhclient
11016 11002   436    65  S       select  0xfffff80030d42bc0  dhclient
11002   436   436     0  S       wait    0xfffff80030bc2538  sh
10989     1 10989    65  Ss      select  0xfffff80030d42b40  dhclient
  843     1   843     0  Ss      select  0xfffff80030ab9740  dhclient
  834     1   834     0  Ss      select  0xfffff80030d42e40  dhclient
  787   780   787     0  Rs                                  syz-executor.3
  786   780   786     0  Rs                                  syz-executor.2
  783   780   783     0  Rs                                  syz-executor.1
  782   780   782     0  Rs                                  syz-executor.0
  780   778   778     0  R       (threaded)                  syz-fuzzer
100092                   S       uwait   0xfffff800049dd380  syz-fuzzer
100115                   S       nanslp  0xffffffff8273c8e1  syz-fuzzer
100116                   S       uwait   0xfffff80030500d80  syz-fuzzer
100117                   S       uwait   0xfffff80030500e80  syz-fuzzer
100118                   S       uwait   0xfffff80004f97600  syz-fuzzer
100119                   S       uwait   0xfffff80004f97000  syz-fuzzer
100120                   S       uwait   0xfffff80030ab9d00  syz-fuzzer
100121                   RunQ                                syz-fuzzer
102878                   S       kqread  0xfffff800305b0400  syz-fuzzer
  778   776   778     0  Ss      pause   0xfffff80004fa05e8  csh
  776   694   776     0  Rs                                  sshd
  760     1   760     0  Ss+     ttyin   0xfffff800049d7cb0  getty
  759     1   759     0  Ss+     ttyin   0xfffff80004ced8b0  getty
  758     1   758     0  Ss+     ttyin   0xfffff80004cedcb0  getty
  757     1   757     0  Ss+     ttyin   0xfffff80004cf40b0  getty
  756     1   756     0  Ss+     ttyin   0xfffff80004cf44b0  getty
  755     1   755     0  Ss+     ttyin   0xfffff80004cf48b0  getty
  754     1   754     0  Ss+     ttyin   0xfffff80004cf4cb0  getty
  753     1   753     0  Ss+     ttyin   0xfffff80004c6e0b0  getty
  752     1   752     0  Ss+     ttyin   0xfffff80004c6e4b0  getty
  698     1   698     0  Ss      nanslp  0xffffffff8273c8e0  cron
  694     1   694     0  Ss      select  0xfffff80030500c40  sshd
  507     1   507     0  Rs      CPU 1                       syslogd
  436     1   436     0  Ss      wait    0xfffff80004f86538  devd
  435     1   435    65  Ss      select  0xfffff80004f979c0  dhclient
  350     1   350     0  Ss      select  0xfffff80004f978c0  dhclient
  347     1   347     0  Ss      select  0xfffff80004f97c40  dhclient
   23     0     0     0  DL      syncer  0xffffffff8282bd50  [syncer]
   22     0     0     0  DL      vlruwt  0xfffff80004e8da70  [vnlru]
   21     0     0     0  RL      (threaded)                  [bufdaemon]
100081                   D       qsleep  0xffffffff8282ae00  [bufdaemon]
100086                   D       -       0xffffffff8220ae00  [bufspacedaemon-0]
100099                   RunQ                                [/ worker]
   20     0     0     0  DL      psleep  0xffffffff82852c08  [vmdaemon]
   19     0     0     0  DL      (threaded)                  [pagedaemon]
100079                   D       psleep  0xffffffff82847078  [dom0]
100087                   D       launds  0xffffffff82847084  [laundry: dom0]
100088                   D       umarcl  0xffffffff815c9350  [uma]
   18     0     0     0  DL      -       0xffffffff82570c78  [rand_harvestq]
   17     0     0     0  DL      waiting 0xffffffff82f2a828  [sctp_iterator]
   16     0     0     0  DL      pftm    0xffffffff82d793c0  [pf purge]
   15     0     0     0  DL      -       0xffffffff8282845c  [soaiod4]
    9     0     0     0  DL      -       0xffffffff8282845c  [soaiod3]
    8     0     0     0  DL      -       0xffffffff8282845c  [soaiod2]
    7     0     0     0  DL      -       0xffffffff8282845c  [soaiod1]
    6     0     0     0  DL      (threaded)                  [cam]
100044                   D       -       0xffffffff82448140  [doneq0]
100045                   D       -       0xffffffff824480c0  [async]
100078                   D       -       0xffffffff82447f90  [scanner]
   14     0     0     0  DL      seqstat 0xfffff8000463c888  [sequencer 00]
    5     0     0     0  DL      crypto_ 0xfffff8000462ed80  [crypto returns 1]
    4     0     0     0  DL      crypto_ 0xfffff8000462ed30  [crypto returns 0]
    3     0     0     0  DL      crypto_ 0xffffffff828445a0  [crypto]
   13     0     0     0  DL      (threaded)                  [geom]
100035                   D       -       0xffffffff8271c120  [g_event]
100036                   D       -       0xffffffff8271c128  [g_up]
100037                   D       -       0xffffffff8271c130  [g_down]
    2     0     0     0  DL      (threaded)                  [KTLS]
100028                   D       -       0xfffff80004574600  [thr_0]
100029                   D       -       0xfffff80004574680  [thr_1]
   12     0     0     0  RL      (threaded)                  [intr]
100011                   I                                   [swi6: task queue]
100013                   I                                   [swi6: Giant taskq]
100018                   I                                   [swi5: fast taskq]
100030                   I                                   [swi4: clock (0)]
100031                   I                                   [swi4: clock (1)]
100032                   I                                   [swi1: netisr 0]
100033                   I                                   [swi3: vm]
100046                   I                                   [irq24: virtio_pci0]
100047                   I                                   [irq25: virtio_pci0]
100048                   I                                   [irq26: virtio_pci0]
100049                   I                                   [irq27: virtio_pci0]
100050                   I                                   [irq28: virtio_pci1]
100051                   I                                   [irq29: virtio_pci1]
100052                   I                                   [irq30: virtio_pci1]
100053                   Run     CPU 0                       [irq31: virtio_pci1]
100054                   I                                   [irq32: virtio_pci1]
100059                   I                                   [irq10: virtio_pci2]
100061                   I                                   [irq1: atkbd0]
100062                   I                                   [irq12: psm0]
100063                   I                                   [swi0: uart uart++]
100071                   I                                   [swi1: pf send]
100084                   I                                   [swi1: hpts]
100085                   I                                   [swi1: hpts]
   11     0     0     0  RL      (threaded)                  [idle]
100003                   CanRun                              [idle: cpu0]
100004                   CanRun                              [idle: cpu1]
    1     0     1     0  SLs     wait    0xfffff8000452a538  [init]
   10     0     0     0  DL      audit_w 0xffffffff82844ab0  [audit]
    0     0     0     0  RLs     (threaded)                  [kernel]
100000                   D       swapin  0xffffffff8271c6b0  [swapper]
100005                   D       -       0xfffff80004144800  [if_config_tqg_0]
100006                   RunQ                                [softirq_0]
100007                   D       -       0xfffff80004144600  [softirq_1]
100008                   D       -       0xfffff80004144500  [if_io_tqg_0]
100009                   D       -       0xfffff80004144400  [if_io_tqg_1]
100010                   D       -       0xfffff8000457a600  [pci_hp taskq]
100012                   D       -       0xfffff8000457a300  [inm_free taskq]
100014                   D       -       0xfffff8000457a000  [linuxkpi_irq_wq]
100015                   D       -       0xfffff80004574e00  [thread taskq]
100016                   D       -       0xfffff80004574d00  [in6m_free taskq]
100017                   D       -       0xfffff80004574c00  [aiod_kick taskq]
100019                   D       -       0xfffff80004574900  [kqueue_ctx taskq]
100020                   D       -       0xfffff80004574800  [linuxkpi_short_wq_0]
100021                   D       -       0xfffff80004574800  [linuxkpi_short_wq_1]
100022                   D       -       0xfffff80004574800  [linuxkpi_short_wq_2]
100023                   D       -       0xfffff80004574800  [linuxkpi_short_wq_3]
100024                   D       -       0xfffff80004574700  [linuxkpi_long_wq_0]
100025                   D       -       0xfffff80004574700  [linuxkpi_long_wq_1]
100026                   D       -       0xfffff80004574700  [linuxkpi_long_wq_2]
100027                   D       -       0xfffff80004574700  [linuxkpi_long_wq_3]
100034                   D       -       0xfffff80004574000  [firmware taskq]
100038                   D       -       0xfffff800045c1d00  [crypto_0]
100039                   D       -       0xfffff800045c1d00  [crypto_1]
100055                   D       -       0xfffff800045c1700  [vtnet0 rxq 0]
100056                   D       -       0xfffff800045c1600  [vtnet0 txq 0]
100057                   D       -       0xfffff800045c1500  [vtnet0 rxq 1]
100058                   D       -       0xfffff800045c1400  [vtnet0 txq 1]
100060                   D       vtbslp  0xfffff80004972100  [virtio_balloon]
100064                   D       -       0xfffff80004973a00  [mca taskq]
100066                   D       -       0xffffffff81e20610  [deadlkres]
100073                   D       -       0xfffff80004c3e700  [acpi_task_0]
100074                   D       -       0xfffff80004c3e700  [acpi_task_1]
100075                   D       -       0xfffff80004c3e700  [acpi_task_2]
100077                   D       -       0xfffff800045c1c00  [CAM taskq]
20728   782   782     0  Z                                   syz-executor.0
db> show all locks
Process 776 (sshd) thread 0xfffffe0094bb0560 (100114)
exclusive sx so_snd_sx (so_snd_sx) r = 0 (0xfffff80004fe6d90) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:467
Process 507 (syslogd) thread 0xfffffe00557e83a0 (100101)
exclusive lockmgr ufs (ufs) r = 0 (0xfffff800304c3230) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1145
Process 12 (intr) thread 0xfffffe00042c4740 (100053)
exclusive rw tcpinp (tcpinp) r = 0 (0xfffff800305899a8) locked @ /syzkaller/managers/main/kernel/sys/netinet/in_pcb.c:2524
exclusive sleep mutex vtnet0-rx1 (vtnet0-rx1) r = 0 (0xfffff80004978d40) locked @ /syzkaller/managers/main/kernel/sys/dev/virtio/network/if_vtnet.c:2181
db> show malloc
              Type        InUse        MemUse     Requests
           pf_hash            5        11524K            5
            devbuf         4216         4340K         4244
               pcb         3191         3995K       142821
          tcp_hpts            5         3201K            5
         sysctloid        33718         1992K        33785
             vtbuf           24         1968K           46
         sctp_stro         1544         1544K        16073
              kobj          332         1328K          492
         sctp_atcl         3078         1155K        55985
            newblk            9         1026K       220325
          vfscache            3         1025K            3
          inodedep         1094          922K       228033
         ufs_quota            1          512K            1
          vfs_hash            1          512K            1
           callout            2          512K            2
              intr            4          472K            4
            dirrem         1085          272K       223356
           subproc          135          254K       220702
         sctp_atky         4622          193K        72234
            acpica         1674          184K        55406
         vnet_data            1          168K            1
           tidhash            3          141K            3
          freefile         1085          136K       223232
           pagedep           11          131K       221281
        tfo_ccache            1          128K            1
            DEVFS1          107          107K          124
               sem            4          106K            4
            linker          294          102K          330
           pf_osfp          813           95K          813
         sctp_timw          370           93K          370
          filedesc           12           89K       439335
               bus          995           81K         3509
          mtx_pool            2           72K            2
          syncache            1           68K            1
          acpitask            1           64K            1
       ddb_capture            1           64K            1
            module          508           64K          508
               BPF           30           53K           30
          sctp_map         3088           49K        32146
         sctp_athm         3078           49K        56521
              umtx          352           44K          352
           kdtrace          210           42K       461161
              vmem            3           34K            6
              temp           35           33K        15659
         hostcache            1           32K            1
               shm            1           32K         2496
            DEVFS3          126           32K          136
               msg            4           30K            4
        gtaskqueue           18           26K           18
            kbdmux            6           22K            6
        DEVFS_RULE           56           20K           56
            ifaddr           68           20K           72
          routetbl          157           17K          501
         ufs_mount            5           17K            6
              proc            3           17K            3
           lltable           51           17K         1420
               tty           16           16K           16
           ithread           99           16K           99
            bus-sc           33           14K         1719
            KTRACE          100           13K          100
             ifnet            7           13K            7
       ether_multi          152           13K         8998
              kenv           93           12K           93
      eventhandler          133           12K          133
            ip6opt           45           10K        24276
              rman           84           10K          425
              GEOM           60           10K          489
         in6_multi           65            9K           65
         bmsafemap            2            9K       225907
              cred           33            9K        20457
              UART           12            9K           12
           devstat            4            9K            4
              ksem            1            8K            1
               rpc            2            8K            2
             shmfd            1            8K            1
       pfs_vncache            1            8K            1
         pfs_nodes           20            8K           20
     audit_evclass          236            8K          294
         taskqueue           60            7K           60
            sglist            5            7K            5
           CAM DEV            3            6K          510
            kqueue           58            6K       220627
            plimit           22            6K         9812
         CAM queue            5            6K         1528
            DEVFSP           76            5K        15166
       ufs_dirhash           24            5K           24
               UMA          265            5K          265
          pf_ifnet           10            5K           19
                vt           11            5K           11
           memdesc            1            4K            1
               MCA           32            4K           32
             evdev            4            4K            4
          kcovinfo           64            4K           68
       inpcbpolicy          117            4K       229282
           acpisem           28            4K           28
           session           28            4K           44
           pwddesc           55            4K       220623
             hhook           13            4K           13
       fpukern_ctx            3            3K            3
             lockf           26            3K         1014
          terminal           11            3K           11
         proc-args           47            3K          650
           uidinfo            4            3K          863
        local_apic            1            2K            1
           io_apic            1            2K            1
         ipsec-saq            2            2K            2
            ip6ndp           12            2K           13
          sctp_ifa           14            2K           15
            Unitno           30            2K           47
            select           13            2K           37
           CAM XPT           22            2K          543
             selfd           25            2K      2890555
          in_multi            6            2K         1951
           tcp_fsb           10            2K        10026
       ipsecpolicy            2            2K            2
           acpidev           20            2K           20
               msi            9            2K            9
             clone            9            2K            9
               tun            7            2K            7
          freework            5            2K       219668
           softdep            1            1K            1
             mkdir            8            1K       439312
          freeblks            4            1K       219667
            sahead            1            1K            1
          secasvar            1            1K            1
             nhops            6            1K            8
       vnodemarker            2            1K        10522
      NFSD session            1            1K            1
        CAM periph            4            1K          271
             ipsec            3            1K            3
          sctp_ifn            6            1K           15
         newdirblk            6            1K       219656
               mld            6            1K            6
              igmp            6            1K            6
         toponodes            6            1K            6
            isadev            6            1K            6
             mount           16            1K           89
          pci_link           10            1K           10
            crypto            4            1K            4
 encap_export_host           12            1K           12
            diradd            4            1K       223392
              pfil            4            1K            4
           CAM SIM            2            1K            2
               iov            2            1K        61244
              cdev            2            1K            2
    chacha20random            1            1K            1
          procdesc            3            1K           10
        ip_msource            5            1K           62
               osd            3            1K           10
      NFSD lckfile            1            1K            1
     NFSD V4client            1            1K            1
             DEVFS            9            1K           10
            vnodes            1            1K            1
              ktls            1            1K            1
            feeder            7            1K            7
       ip6_msource            3            1K            9
           tcpfunc            3            1K            3
        loginclass            3            1K            6
            prison            6            1K            6
             linux            5            1K            6
        aesni_data            2            1K            2
            apmdev            1            1K            1
          atkbddev            2            1K            2
     CAM dev queue            2            1K            2
 CAM I/O Scheduler            1            1K            1
             xform            2            1K        16135
          CAM path            4            1K         1034
          pmchooks            1            1K            1
          nexusdev            7            1K            7
            soname            4            1K       175957
          sctp_vrf            1            1K            1
              vnet            1            1K            1
           entropy            2            1K           43
          acpiintr            1            1K            1
               pmc            1            1K            1
          filecaps            3            1K           83
              cpus            2            1K            2
    vnet_data_free            1            1K            1
           Per-cpu            1            1K            1
          p1003.1b            1            1K            1
            tcp_do            0            0K            0
            mqdata            0            0K            0
        sctp_mcore            0            0K            0
        sctp_socko            0            0K         4923
         sctp_iter            0            0K           11
         sctp_mvrf            0            0K            0
         sctp_cpal            0            0K            0
         sctp_cmsg            0            0K            0
         sctp_stre            0            0K            0
         sctp_athi            0            0K            0
         sctp_a_it            0            0K           11
         sctp_aadr            0            0K            3
         sctp_stri            0            0K          352
          pf_table            0            0K            0
           pf_rule            0            0K          237
           pf_altq            0            0K            0
           pf_temp            0            0K            0
       NFSD string            0            0K            0
       NFSD V4lock            0            0K            0
        madt_table            0            0K            2
          smartpqi            0            0K            0
      NFSD V4state            0            0K            0
     NFSD srvcache            0            0K            0
       msdosfs_fat            0            0K            0
     msdosfs_mount            0            0K            0
      msdosfs_node            0            0K            0
              iavf            0            0K            0
               ixl            0            0K            0
            DEVFS4            0            0K            0
            DEVFS2            0            0K            0
            gntdev            0            0K            0
       privcmd_dev            0            0K            0
        ice-resmgr            0            0K            0
         ice-osdep            0            0K            0
               ice            0            0K            0
             axgbe            0            0K            0
        evtchn_dev            0            0K            0
          xenstore            0            0K            0
         ciss_data            0            0K            0
         BACKLIGHT            0            0K            0
               xnb            0            0K            0
              xbbd            0            0K            0
               xbd            0            0K            0
           Balloon            0            0K            0
          sysmouse            0            0K            0
            vtfont            0            0K            0
          xen_intr            0            0K            0
           xen_hvm            0            0K            0
         legacydrv            0            0K            0
            qpidrv            0            0K            0
           ath_hal            0            0K            0
            athdev            0            0K            0
      dmar_idpgtbl            0            0K            0
          dmar_dom            0            0K            0
          dmar_ctx            0            0K            0
           ata_pci            0            0K            0
           ata_dma            0            0K            0
       ata_generic            0            0K            0
              isci            0            0K            0
      iommu_dmamap            0            0K            0
               amr            0            0K            0
     hyperv_socket            0            0K            0
           bxe_ilt            0            0K            0
            xenbus            0            0K            0
            pvscsi            0            0K            0
           scsi_da            0            0K           69
     vm_fictitious            0            0K            0
            ata_da            0            0K            0
           scsi_ch            0            0K            0
           scsi_cd            0            0K            0
       AHCI driver            0            0K            0
            USBdev            0            0K            0
               USB            0            0K            0
               agp            0            0K            0
           nvme_da            0            0K            0
           UMAHash            0            0K            0
           acpipwr            0            0K            0
         acpi_perf            0            0K            0
         vm_pgdata            0            0K            0
           jblocks            0            0K            0
          savedino            0            0K       164359
          sentinel            0            0K            0
            jfsync            0            0K            0
            jtrunc            0            0K            0
             sbdep            0            0K         5289
           jsegdep            0            0K            0
              jseg            0            0K            0
         jfreefrag            0            0K            0
          jfreeblk            0            0K            0
           jnewblk            0            0K            0
            jmvref            0            0K            0
           jremref            0            0K            0
           jaddref            0            0K            0
           freedep            0            0K            0
          freefrag            0            0K           12
        allocindir            0            0K            0
          indirdep            0            0K           10
       allocdirect            0            0K            0
          ufs_trim            0            0K            0
           mactemp            0            0K            0
     audit_trigger            0            0K            0
 audit_pipe_presel            0            0K            0
     audit_pipeent            0            0K            0
        audit_pipe            0            0K            0
      audit_evname            0            0K            0
         audit_bsm            0            0K            0
      audit_gidset            0            0K            0
        audit_text            0            0K            0
        audit_path            0            0K            0
        audit_data            0            0K            0
        audit_cred            0            0K            0
            twsbuf            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
         MLX5E_TLS            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
            MLX5EN            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          MLX5DUMP            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          seq_file            0            0K            0
             radix            0            0K            0
               idr            0            0K            0
            lkpifw            0            0K            0
               NLM            0            0K            0
    ipsec-spdcache            0            0K            0
         ipsec-reg            0            0K            0
        ipsec-misc            0            0K            0
      ipsecrequest            0            0K            0
      ip6_moptions            0            0K         1439
       in6_mfilter            0            0K          685
             frag6            0            0K           13
            tcplog            0            0K            0
        tcp_hwpace            0            0K            0
      twe_commands            0            0K            0
               LRO            0            0K            0
      newreno data            0            0K            0
       ip_moptions            0            0K         6725
        in_mfilter            0            0K         5979
              ipid            0            0K            0
         80211scan            0            0K            0
      80211ratectl            0            0K            0
        80211power            0            0K            0
       80211nodeie            0            0K            0
         80211node            0            0K            0
      80211mesh_gt            0            0K            0
      80211mesh_rt            0            0K            0
         80211perr            0            0K            0
         80211prep            0            0K            0
         80211preq            0            0K            0
          80211dfs            0            0K            0
       80211crypto            0            0K            0
          80211vap            0            0K            0
             iflib            0            0K            0
              vlan            0            0K            0
               gif            0            0K            0
           ifdescr            0            0K            0
              zlib            0            0K            0
           fadvise            0            0K            0
           VN POLL            0            0K            0
      twa_commands            0            0K            0
            statfs            0            0K       232283
     namei_tracker            0            0K          845
       export_host            0            0K            0
        cl_savebuf            0            0K            5
       tcp_log_dev            0            0K         4052
      midi buffers            0            0K            0
             mixer            0            0K            0
              ac97            0            0K            0
             hdacc            0            0K            0
              hdac            0            0K            0
              hdaa            0            0K            0
         acpicmbat            0            0K            0
       SIIS driver            0            0K            0
           CAM CCB            0            0K        66640
               PUC            0            0K            0
          ppbusdev            0            0K            0
agtiapi_MemAlloc malloc            0            0K            0
    osti_cacheable            0            0K            0
          tempbuff            0            0K            0
            biobuf            0            0K            0
              aios            0            0K            0
               lio            0            0K            0
               acl            0            0K            0
          tempbuff            0            0K            0
          mbuf_tag            0            0K         5203
ag_tgt_map_t malloc            0            0K            0
ag_slr_map_t malloc            0            0K            0
lDevFlags * malloc            0            0K            0
tiDeviceHandle_t * malloc            0            0K            0
ag_portal_data_t malloc            0            0K            0
ag_device_t malloc            0            0K            0
     STLock malloc            0            0K            0
          CCB List            0            0K            0
            sr_iov            0            0K            0
               OCS            0            0K            0
               OCS            0            0K            0
              nvme            0            0K            0
               nvd            0            0K            0
            netmap            0            0K            0
            mwldev            0            0K            0
        MVS driver            0            0K            0
     CAM ccb queue            0            0K            0
          mrsasbuf            0            0K            0
          mpt_user            0            0K            0
          mps_user            0            0K            0
              accf            0            0K            0
               pts            0            0K            0
          ioctlops            0            0K        98415
           eventfd            0            0K            0
           Witness            0            0K            0
             stack            0            0K            0
            MPSSAS            0            0K            0
               mps            0            0K            0
          mpr_user            0            0K            0
            MPRSAS            0            0K            0
               mpr            0            0K            0
            mfibuf            0            0K            0
              sbuf            0            0K          306
        md_sectors            0            0K            0
          firmware            0            0K            0
        compressor            0            0K            0
           md_disk            0            0K            0
              SWAP            0            0K            0
           malodev            0            0K            0
               LED            0            0K            0
         sysctltmp            0            0K         2129
            sysctl            0            0K            3
              ekcd            0            0K            0
            dumper            0            0K            0
          sendfile            0            0K            0
              rctl            0            0K            0
          ix_sriov            0            0K            0
        aacraidcam            0            0K            0
       aacraid_buf            0            0K            0
                ix            0            0K            0
            ipsbuf            0            0K            0
             cache            0            0K            0
            iirbuf            0            0K            0
      prison_racct            0            0K            0
       Fail Points            0            0K            0
             sigio            0            0K         3182
filedesc_to_leader            0            0K            0
               pwd            0            0K            0
       tty console            0            0K            0
            aaccam            0            0K            0
            aacbuf            0            0K            0
              zstd            0            0K            0
            XZ_DEC            0            0K            0
            nvlist            0            0K            0
          SCSI ENC            0            0K            0
           SCSI sa            0            0K            0
         scsi_pass            0            0K            0
        isofs_node            0            0K            0
       isofs_mount            0            0K            0
     tr_raid5_data            0            0K            0
    tr_raid1e_data            0            0K            0
     tr_raid1_data            0            0K            0
     tr_raid0_data            0            0K            0
    tr_concat_data            0            0K            0
       md_sii_data            0            0K            0
   md_promise_data            0            0K            0
    md_nvidia_data            0            0K            0
   md_jmicron_data            0            0K            0
     md_intel_data            0            0K            0
       md_ddf_data            0            0K            0
         raid_data            0            0K           72
     geom_flashmap            0            0K            0
         tmpfs dir            0            0K            0
        tmpfs name            0            0K            0
       tmpfs mount            0            0K            0
           NFS FHA            0            0K            0
         newnfsmnt            0            0K            0
  newnfsclient_req            0            0K            0
   NFSCL layrecall            0            0K            0
     NFSCL session            0            0K            0
     NFSCL sockreq            0            0K            0
     NFSCL devinfo            0            0K            0
     NFSCL flayout            0            0K            0
      NFSCL layout            0            0K            0
     NFSD rollback            0            0K            0
      NFSCL diroff            0            0K            0
       NEWdirectio            0            0K            0
        NEWNFSnode            0            0K            0
         NFSCL lck            0            0K            0
      NFSCL lckown            0            0K            0
      NFSCL client            0            0K            0
       NFSCL deleg            0            0K            0
        NFSCL open            0            0K            0
       NFSCL owner            0            0K            0
            NFS fh            0            0K            0
           NFS req            0            0K            0
     NFSD usrgroup            0            0K            0
db> show uma
              Zone   Size    Used    Free    Requests  Sleeps  Bucket  Total Mem    XFree
   mbuf_jumbo_page   4096    8344     906      242060       0     254   37888000        0
         sctp_asoc   2288    1544     386       16073       0     254    4415840        0
       malloc-2048   2048    1537     369       39739       0       8    3903488        0
              mbuf    256   11406    1119     1157157       0     254    3206400        0
              pbuf   2624       0     973           0       0       2    2553152        0
           sctp_ep   1280    1534     386       39736       0     254    2457600        0
        malloc-384    384    1128    5052      228099       0      30    2373120        0
       malloc-1024   1024    1549     383       16096       0      16    1978368        0
          BUF TRIE    144     201   13267       37596       0      62    1939392        0
      mbuf_cluster   2048     885       3        1221       0     254    1818624        0
        malloc-256    256    1185    5100      690212       0      62    1608960        0
             tcpcb   1064      99    1406       71737       0     254    1601320        0
        malloc-384    384    4116       4        4116       0      30    1582080        0
        malloc-384    384    3173     767       56080       0      30    1512960        0
            socket    944     127    1437      285376       0     254    1476416        0
        sctp_raddr    736    1544     392       16923       0     254    1424896        0
        malloc-128    128   11060      38       11533       0     126    1420544        0
       malloc-4096   4096     332       2        4993       0       2    1368064        0
       UMA Slabs 0    112   12113      16       12113       0     126    1358448        0
        malloc-256    256      35    4825      175503       0      62    1244160        0
        malloc-128    128    2407    5126      931823       0     126     964224        0
        RADIX NODE    144    5653     420     6030252       0      67     874512        0
         FFS inode   1160     634      52      223867       0       9     795760        0
         tcp_inpcb    488     230    1306       71737       0     254     749568        0
        malloc-256    256    1556     409      261304       0      62     503040        0
       tcp_bbr_pcb    832       4     590       10326       0      16     494208        0
           tcp_log    416       0    1152       16413       0     254     479232        0
        256 Bucket   2048     193      15       15956       0       8     425984        0
         VM OBJECT    264    1459     146     3110195       0      30     423720        0
         malloc-64     64    5575     473      248521       0     254     387072        0
            lkpimm    160       1    2324           1       0      62     372000        0
          lkpicurr    160       2    2323           2       0      62     372000        0
             VNODE    448     672      93      223907       0      30     342720        0
            THREAD   1808     153      23      240537       0       8     318208        0
       malloc-4096   4096      66      10      220633       0       2     311296        0
         malloc-32     32    8297     901       61872       0     254     294336        0
         malloc-16     16   16834     916       70325       0     254     284000        0
      malloc-16384  16384      10       7      219847       0       1     278528        0
        sctp_chunk    152    1417     403        4009       0     254     276640        0
      tcp_rack_pcb    832      10     314       10026       0      16     269568        0
      malloc-65536  65536       4       0           4       0       1     262144        0
       tcp_bbr_map    128      12    1786       20331       0     126     230144        0
       mbuf_packet    256     221     664      261689       0     254     226560        0
            DEVCTL   1024       8     208         132       0       0     221184        0
             ripcb    488       5     419      109853       0     254     206912        0
      malloc-65536  65536       1       2         257       0       1     196608        0
       FFS2 dinode    256     634     116      223866       0      62     192000        0
         MAP ENTRY     96    1310     664    12167153       0     127     189504        0
         UMA Zones    768     237       2         237       0      16     183552        0
         vmem btag     56    3023      61        3023       0     254     172704        0
        128 Bucket   1024     125      42       57769       0      16     171008        0
        malloc-128    128    1050     283        7623       0     126     170624        0
       malloc-2048   2048       2      78       66642       0       8     163840        0
         64 Bucket    512     227      77       75503       0      30     155648        0
       S VFS Cache    104    1025     379      239508       0     126     146016        0
      tcp_rack_map    112      38    1258       15558       0     126     145152        0
      malloc-65536  65536       2       0           2       0       1     131072        0
      malloc-65536  65536       0       2           8       0       1     131072        0
      malloc-65536  65536       0       2          16       0       1     131072        0
     udplite_inpcb    488       0     256       35156       0     254     124928        0
           VMSPACE   2544      32      16      220601       0       4     122112        0
             g_bio    408       0     290      264007       0      30     118320        0
          ksiginfo    112      64     980        7889       0     126     116928        0
       malloc-1024   1024     108       4         128       0      16     114688        0
         malloc-64     64     234    1404       42521       0     254     104832        0
              PROC   1336      55      23      220622       0       8     104208        0
        malloc-256    256     390      15        2503       0      62     103680        0
         32 Bucket    256     235     170       42083       0      62     103680        0
       malloc-8192   8192       8       4         138       0       1      98304        0
        malloc-256    256     236     139      255619       0      62      96000        0
        malloc-128    128     715      29         829       0     126      95232        0
        malloc-128    128     308     374       10518       0     126      87296        0
          UMA Kegs    384     222       1         222       0      30      85632        0
            clpbuf   2624       0      32          22       0      16      83968        0
         filedesc0   1072      55      22      220623       0       8      82544        0
       malloc-4096   4096      15       3         286       0       2      73728        0
         malloc-16     16    3402    1098       36176       0     254      72000        0
      malloc-65536  65536       1       0           1       0       1      65536        0
      malloc-65536  65536       1       0           1       0       1      65536        0
      malloc-32768  32768       0       2         130       0       1      65536        0
      malloc-32768  32768       2       0           2       0       1      65536        0
      tcp_log_node    120       0     528        1912       0     126      63360        0
       malloc-4096   4096      15       0         547       0       2      61440        0
        malloc-256    256     105     135      221824       0      62      61440        0
         malloc-64     64     570     249       32166       0     254      52416        0
         malloc-32     32     214    1424      351083       0     254      52416        0
         udp_inpcb    488       6      98       12536       0     254      50752        0
      malloc-16384  16384       3       0           3       0       1      49152        0
      malloc-16384  16384       0       3         320       0       1      49152        0
       malloc-2048   2048       6      18        2501       0       8      49152        0
         malloc-64     64     203     553     2905851       0     254      48384        0
              pipe    744      22      43       93485       0      16      48360        0
        malloc-128    128     117     255         479       0     126      47616        0
        malloc-256    256      57     123      249206       0      62      46080        0
       malloc-2048   2048       4      18         511       0       8      45056        0
         malloc-64     64     144     549      447240       0     254      44352        0
        malloc-256    256     153      12        4230       0      62      42240        0
           DIRHASH   1024      34       6          34       0      16      40960        0
       malloc-8192   8192       5       0           5       0       1      40960        0
       malloc-8192   8192       3       2           5       0       1      40960        0
       malloc-4096   4096       4       6      232290       0       2      40960        0
            pcpu-8      8    4635     485        6162       0     254      40960        0
         malloc-64     64     485     145       16625       0     254      40320        0
             Files     80     209     291      789094       0     126      40000        0
        malloc-128    128      49     261      219716       0     126      39680        0
        malloc-384    384      29      71        1761       0      30      38400        0
             NAMEI   1024       0      36      996688       0      16      36864        0
        malloc-512    512       4      68         864       0      30      36864        0
      malloc-32768  32768       1       0           1       0       1      32768        0
       malloc-2048   2048      11       5        1572       0       8      32768        0
           pcpu-64     64     480      32         480       0     254      32768        0
       malloc-2048   2048       2      12         288       0       8      28672        0
         TURNSTILE    136     177      33         177       0      62      28560        0
               PWD     32      17     865      219782       0     254      28224        0
         16 Bucket    144     132      64       13003       0      62      28224        0
             KNOTE    160      28     147     1670746       0      62      28000        0
          8 Bucket     80      93     257       14460       0     126      28000        0
             unpcb    256      15      90        7623       0     254      26880        0
       malloc-1024   1024      10      14        1466       0      16      24576        0
       malloc-1024   1024      18       6          22       0      16      24576        0
        malloc-512    512      10      38       10530       0      30      24576        0
         malloc-32     32     444     312        5724       0     254      24192        0
          4 Bucket     48       6     498        4014       0     254      24192        0
            ttyinq    160     135      15         300       0      62      24000        0
           ttyoutq    256      72      18         160       0      62      23040        0
        malloc-384    384      52       8          52       0      30      23040        0
sctp_stream_msg_out    112     138      42        3945       0     254      20160        0
         malloc-32     32     108     522      223371       0     254      20160        0
          2 Bucket     32      57     573       18442       0     254      20160        0
      vtnet_tx_hdr     24       0     835      259541       0     254      20040        0
        SLEEPQUEUE     88     177      47         177       0     126      19712        0
       Mountpoints   2752       2       5           2       0       4      19264        0
      malloc-16384  16384       1       0           1       0       1      16384        0
       malloc-8192   8192       2       0           2       0       1      16384        0
       malloc-2048   2048       5       3         230       0       8      16384        0
       malloc-1024   1024      12       4         611       0      16      16384        0
       malloc-1024   1024      11       5          11       0      16      16384        0
         malloc-64     64     136     116         206       0     254      16128        0
       malloc-1024   1024       8       4           9       0      16      12288        0
        malloc-512    512       3      21         205       0      30      12288        0
    tcp_log_bucket    176       0      69         192       0      62      12144        0
              PGRP     88      28     110       10161       0     126      12144        0
             udpcb     32       6     372       47692       0     254      12096        0
         malloc-32     32      32     346       21545       0     254      12096        0
              kenv    258      15      30        1059       0      30      11610        0
     routing nhops    256      27      18          37       0      62      11520        0
       malloc-8192   8192       1       0           1       0       1       8192        0
       malloc-8192   8192       1       0           1       0       1       8192        0
       malloc-8192   8192       1       0           1       0       1       8192        0
       malloc-4096   4096       0       2          21       0       2       8192        0
       malloc-2048   2048       1       3       78518       0       8       8192        0
       malloc-1024   1024       0       8           8       0      16       8192        0
        malloc-512    512       0      16           4       0      30       8192        0
        malloc-512    512       0      16          13       0      30       8192        0
        malloc-512    512       8       8           8       0      30       8192        0
           rtentry    176      30      16          37       0      62       8096        0
          rl_entry     40      79     123          79       0     254       8080        0
        sctp_laddr     48       4     164        1902       0     254       8064        0
               ipq     56       0     144          34       0     254       8064        0
         malloc-64     64       8     118         676       0     254       8064        0
         malloc-32     32      10     242        4488       0     254       8064        0
         malloc-32     32      37     215         892       0     254       8064        0
         malloc-16     16       3     497         898       0     254       8000        0
         malloc-16     16      20     480          59       0     254       8000        0
         malloc-16     16      28     472          29       0     254       8000        0
         malloc-16     16     188     312        2103       0     254       8000        0
         malloc-16     16      32     468       94889       0     254       8000        0
         malloc-16     16      14     486        4829       0     254       8000        0
        malloc-128    128      10      52        1486       0     126       7936        0
        sctp_readq    152       0      52          33       0     254       7904        0
        malloc-384    384       0      20        4931       0      30       7680        0
        malloc-384    384       1      19          13       0      30       7680        0
        malloc-384    384      20       0          20       0      30       7680        0
     FPU_save_area    832       1       8           1       0      16       7488        0
            cpuset    104       7      55           7       0     126       6448        0
 epoch_record pcpu    256       4      12           4       0      62       4096        0
        malloc-512    512       0       8           2       0      30       4096        0
           pcpu-16     16       7     249           7       0     254       4096        0
         hostcache     64       1      62           1       0     254       4032        0
          syncache    168       0      24           4       0     254       4032        0
         malloc-32     32       0     126           2       0     254       4032        0
       UMA Slabs 1    176       9      13           9       0      62       3872        0
            mqnode    416       3       6           3       0      30       3744        0
        KMAP ENTRY     96      12      27          12       0       0       3744        0
              vmem   1856       1       1           1       0       8       3712        0
tfo_ccache_entries     80       3      29           3       0     126       2560        0
           SMR CPU     32       3      60           3       0     254       2016        0
        SMR SHARED     24       3      60           3       0     254       1512        0
       FFS1 dinode    128       0       0           0       0     126          0        0
             swblk    136       0       0           0       0      62          0        0
          swpctrie    144       0       0           0       0      62          0        0
   sctp_asconf_ack     48       0       0           0       0     254          0        0
       sctp_asconf     40       0       0           0       0     254          0        0
   pf state scrubs     40       0       0           0       0     254          0        0
   pf frag entries     40       0       0           0       0       1          0        0
          pf frags    248       0       0           0       0      62          0        0
  pf table entries    160       0       0           0       0      62          0        0
pf table entry counters     64       0       0           0       0     254          0        0
   pf source nodes    136       0       0           0       0      26          0        0
     pf state keys     88       0       0           0       0     126          0        0
         pf states    296       0       0           0       0      26          0        0
           pf tags    104       0       0           0       0     126          0        0
          pf mtags     48       0       0           0       0     254          0        0
    IPsec SA lft_c     16       0       0           0       0     254          0        0
          tcpreass     48       0       0           0       0     254          0        0
               tfo      4       0       0           0       0     254          0        0
          sackhole     32       0       0           0       0     254          0        0
             tcptw     88       0       0           0       0     254          0        0
            itimer    352       0       0           0       0      30          0        0
            AIOLIO    272       0       0           0       0      30          0        0
             AIOCB    552       0       0           0       0      16          0        0
              AIOP     32       0       0           0       0     254          0        0
               AIO    208       0       0           0       0      62          0        0
        mqnotifier    216       0       0           0       0      62          0        0
            mvdata     64       0       0           0       0     254          0        0
            mqueue    248       0       0           0       0      62          0        0
        TMPFS node    224       0       0           0       0      62          0        0
           NCLNODE    584       0       0           0       0      16          0        0
     LTS VFS Cache    360       0       0           0       0      30          0        0
       L VFS Cache    320       0       0           0       0      30          0        0
     STS VFS Cache    144       0       0           0       0      62          0        0
           cryptop    280       0       0           0       0      30          0        0
  linux_dma_object     24       0       0           0       0     254          0        0
  linux_dma_pctrie    144       0       0           0       0      62          0        0
   IOMMU_MAP_ENTRY    120       0       0           0       0     126          0        0
      ktls_session    192       0       0           0       0      62          0        0
    mbuf_jumbo_16k  16384       0       0           0       0     254          0        0
     mbuf_jumbo_9k   9216       0       0           0       0     254          0        0
      audit_record   1280       0       0           0       0       8          0        0
         domainset     40       0       0           0       0     254          0        0
        MAC labels     40       0       0           0       0     254          0        0
            vnpbuf   2624       0       0           0       0      64          0        0
            mdpbuf   2624       0       0           0       0       3          0        0
           nfspbuf   2624       0       0           0       0      16          0        0
            swwbuf   2624       0       0           0       0       8          0        0
            swrbuf   2624       0       0           0       0      16          0        0
          umtx_shm     88       0       0           0       0     126          0        0
           umtx pi     96       0       0           0       0     126          0        0
rangeset pctrie nodes    144       0       0           0       0      62          0        0
      malloc-65536  65536       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
       malloc-8192   8192       0       0           0       0       1          0        0
       malloc-4096   4096       0       0           0       0       2          0        0
       malloc-4096   4096       0       0           0       0       2          0        0
        malloc-512    512       0       0           0       0      30          0        0
           pcpu-32     32       0       0           0       0     254          0        0
            pcpu-4      4       0       0           0       0     254          0        0
            fakepg    104       0       0           0       0     126          0        0
          UMA Hash    256       0       0           0       0      62          0        0

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2021/05/10 18:19 freebsd-src 8725f0b9dbd2 bc5434be console log report Fatal trap 9: general protection fault in mb_free_ext
* Struck through repros no longer work on HEAD.