syzbot


panic: ASan: Invalid access, 1-byte read in udp6_common_ctlinput

Status: fixed on 2021/09/10 22:39
Reported-by: syzbot+3219af764ead146a3a4e@syzkaller.appspotmail.com
Fix commit: b1e6a792d68e net: Enter a net epoch around protocol if_up/down notifications
First crash: 555d, last: 555d

Sample crash report:
panic: ASan: Invalid access, 1-byte read at 0xfffffe009c14b069, UMAUseAfterFree(fd)
cpuid = 1
time = 1627673987
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xfffffe0099867c90
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xfffffe0099867df0
vpanic() at vpanic+0x2c5/frame 0xfffffe0099867ed0
panic() at panic+0xb5/frame 0xfffffe0099867f90
__asan_load1_noabort() at __asan_load1_noabort+0x121/frame 0xfffffe0099868050
udp6_common_ctlinput() at udp6_common_ctlinput+0x85/frame 0xfffffe0099868140
pfctlinput() at pfctlinput+0x82/frame 0xfffffe0099868190
if_up() at if_up+0x6a/frame 0xfffffe00998681d0
ifhwioctl() at ifhwioctl+0x205b/frame 0xfffffe0099868530
ifioctl() at ifioctl+0xcf1/frame 0xfffffe0099868770
kern_ioctl() at kern_ioctl+0x62e/frame 0xfffffe0099868870
sys_ioctl() at sys_ioctl+0x3b6/frame 0xfffffe00998689f0
amd64_syscall() at amd64_syscall+0x425/frame 0xfffffe0099868bf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0099868bf0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004882ca, rsp = 0x7fffffffe318, rbp = 0x7fffffffe370 ---
KDB: enter: panic
[ thread pid 3036 tid 101232 ]
Stopped at      kdb_enter+0x6b: movq    $0,0x28eac0a(%rip)
db> 
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx         0xdf0cdc8f9d62467e
rdx                        0x1
rbx                          0
rsp         0xfffffe0099867dd0
rbp         0xfffffe0099867df0
rsi                          0
rdi         0xffffffff817ab689  vprintf+0x319
r8                         0x3
r9          0xfffffe0099867908
r10                          0
r11         0xfffffe009aa77c50
r12         0xfffffe009aa77740
r13         0xfffffe0099867e01
r14         0xffffffff82c5d960  .str.18
r15         0xffffffff82c5d960  .str.18
rip         0xffffffff8179f0ab  kdb_enter+0x6b
rflags                    0x46
kdb_enter+0x6b: movq    $0,0x28eac0a(%rip)
db> show proc
Process 3036 (ifconfig) at 0xfffffe009209a538:
 state: NORMAL
 uid: 0  gids: 0
 parent: pid 3035 at 0xfffffe009c0dda70
 ABI: FreeBSD ELF64
 flag: 0x10004000  flag2: 0
 arguments: /sbin/ifconfig -n tap1 inet alias 0.0.0.0 netmask 255.0.0.0 broadcast 255.255.255.255 up
 reaper: 0xfffffe0053d51538 reapsubtree: 1
 sigparent: 20
 vmspace: 0xfffffe00980319f0
   (map 0xfffffe00980319f0)
   (map.pmap 0xfffffe0098031ab0)
   (pmap 0xfffffe0098031b10)
 threads: 1
101232                   Run     CPU 1                       ifconfig
db> ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
 3036  3035   436     0  R       CPU 1                       ifconfig
 3035  3031   436     0  S       wait    0xfffffe009c0dda70  sh
 3034     1  3034     0  Ss      select  0xfffffe009b993440  dhclient
 3031  3024   436     0  S       wait    0xfffffe0097675000  dhclient
 3024   436   436     0  S       wait    0xfffffe0098036a70  sh
 3023     1  3023    65  Ss      select  0xfffffe00585c6040  dhclient
 3019     1  2911     0  T       (threaded)                  syz-executor.2
100108                   s                                   syz-executor.2
102769                   RunQ                                syz-executor.2
102770                   RunQ                                syz-executor.2
 3017     1  2899     0  RE                                  syz-executor.3
 3016     1  2906     0  T       (threaded)                  syz-executor.0
102458                   s                                   syz-executor.0
102758                   RunQ                                syz-executor.0
 2915     1  2915     0  Ss      select  0xfffffe00980fe9c0  dhclient
 2898     1  2898     0  Ss      select  0xfffffe0058551cc0  dhclient
  782   780   780     0  R       (threaded)                  syz-fuzzer
100105                   Run     CPU 0                       syz-fuzzer
100122                   S       nanslp  0xffffffff84056bc0  syz-fuzzer
100123                   S       uwait   0xfffffe0091e68500  syz-fuzzer
100124                   S       uwait   0xfffffe0091e68600  syz-fuzzer
100125                   S       uwait   0xfffffe0091e68700  syz-fuzzer
100126                   S       uwait   0xfffffe0091e68b80  syz-fuzzer
100127                   S       uwait   0xfffffe0091e68800  syz-fuzzer
100128                   S       uwait   0xfffffe0092077a00  syz-fuzzer
100129                   S       uwait   0xfffffe0092077b00  syz-fuzzer
  780   776   780     0  Ss      pause   0xfffffe0091f4e5e8  csh
  776   694   776     0  Ss      select  0xfffffe0058551ac0  sshd
  761     1   761     0  Ss+     ttyin   0xfffffe0056ff18b0  getty
  760     1   760     0  Ss+     ttyin   0xfffffe00575e64b0  getty
  759     1   759     0  Ss+     ttyin   0xfffffe00575e6cb0  getty
  758     1   758     0  Ss+     ttyin   0xfffffe00583ee4b0  getty
  757     1   757     0  Ss+     ttyin   0xfffffe00583eecb0  getty
  756     1   756     0  Ss+     ttyin   0xfffffe00583eb4b0  getty
  755     1   755     0  Ss+     ttyin   0xfffffe00583ebcb0  getty
  754     1   754     0  Ss+     ttyin   0xfffffe00583954b0  getty
  753     1   753     0  Ss+     ttyin   0xfffffe0058395cb0  getty
  698     1   698     0  Ss      nanslp  0xffffffff84056bc0  cron
  694     1   694     0  Ss      select  0xfffffe0058805240  sshd
  507     1   507     0  Ss      select  0xfffffe0058805440  syslogd
  436     1   436     0  Ss      wait    0xfffffe0058ab8538  devd
  435     1   435    65  Ss      select  0xfffffe00587b0b40  dhclient
  350     1   350     0  Ss      select  0xfffffe00587b0d40  dhclient
  347     1   347     0  Ss      select  0xfffffe0058805740  dhclient
   23     0     0     0  DL      syncer  0xffffffff8417eb80  [syncer]
   22     0     0     0  DL      vlruwt  0xfffffe0058795a70  [vnlru]
   21     0     0     0  DL      (threaded)                  [bufdaemon]
100084                   D       qsleep  0xffffffff8417c9c0  [bufdaemon]
100087                   D       -       0xffffffff83411f80  [bufspacedaemon-0]
100097                   D       sdflush 0xfffffe005753cce8  [/ worker]
   20     0     0     0  DL      psleep  0xffffffff841b4e40  [vmdaemon]
   19     0     0     0  DL      (threaded)                  [pagedaemon]
100082                   D       psleep  0xffffffff841a8978  [dom0]
100085                   D       launds  0xffffffff841a8984  [laundry: dom0]
100086                   D       umarcl  0xffffffff81e97270  [uma]
   18     0     0     0  DL      -       0xffffffff83e0dce0  [rand_harvestq]
   17     0     0     0  DL      waiting 0xffffffff84a40460  [sctp_iterator]
   16     0     0     0  DL      pftm    0xffffffff84d91e20  [pf purge]
   15     0     0     0  DL      -       0xffffffff84177e40  [soaiod4]
    9     0     0     0  DL      -       0xffffffff84177e40  [soaiod3]
    8     0     0     0  DL      -       0xffffffff84177e40  [soaiod2]
    7     0     0     0  DL      -       0xffffffff84177e40  [soaiod1]
    6     0     0     0  DL      (threaded)                  [cam]
100047                   D       -       0xffffffff83c93440  [doneq0]
100048                   D       -       0xffffffff83c933c0  [async]
100081                   D       -       0xffffffff83c93240  [scanner]
   14     0     0     0  DL      seqstat 0xfffffe0056ab1c88  [sequencer 00]
    5     0     0     0  DL      crypto_ 0xfffffe00541acd80  [crypto returns 1]
    4     0     0     0  DL      crypto_ 0xfffffe00541acd30  [crypto returns 0]
    3     0     0     0  DL      crypto_ 0xffffffff841a2a20  [crypto]
   13     0     0     0  DL      (threaded)                  [geom]
100038                   D       -       0xffffffff8402a180  [g_event]
100039                   D       -       0xffffffff8402a1c0  [g_up]
100040                   D       -       0xffffffff8402a200  [g_down]
    2     0     0     0  DL      (threaded)                  [KTLS]
100029                   D       -       0xfffffe0053e16e00  [thr_0]
100030                   D       -       0xfffffe0053e16e80  [thr_1]
   12     0     0     0  WL      (threaded)                  [intr]
100011                   I                                   [swi6: task queue]
100012                   I                                   [swi6: Giant taskq]
100014                   I                                   [swi5: fast taskq]
100031                   I                                   [swi1: netisr 0]
100032                   I                                   [swi3: vm]
100033                   I                                   [swi4: clock (0)]
100034                   I                                   [swi4: clock (1)]
100035                   I                                   [swi1: hpts]
100036                   I                                   [swi1: hpts]
100049                   I                                   [irq24: virtio_pci0]
100050                   I                                   [irq25: virtio_pci0]
100051                   I                                   [irq26: virtio_pci0]
100052                   I                                   [irq27: virtio_pci0]
100053                   I                                   [irq28: virtio_pci1]
100054                   I                                   [irq29: virtio_pci1]
100055                   I                                   [irq30: virtio_pci1]
100056                   I                                   [irq31: virtio_pci1]
100057                   I                                   [irq32: virtio_pci1]
100062                   I                                   [irq10: virtio_pci2]
100064                   I                                   [irq1: atkbd0]
100065                   I                                   [irq12: psm0]
100066                   I                                   [swi0: uart uart++]
100074                   I                                   [swi1: pf send]
   11     0     0     0  RL      (threaded)                  [idle]
100003                   CanRun                              [idle: cpu0]
100004                   CanRun                              [idle: cpu1]
    1     0     1     0  RLs                                 [init]
   10     0     0     0  DL      audit_w 0xffffffff841a39c0  [audit]
    0     0     0     0  DLs     (threaded)                  [kernel]
100000                   D       swapin  0xffffffff8402b080  [swapper]
100005                   D       -       0xfffffe00081f1900  [softirq_0]
100006                   D       -       0xfffffe00081f1700  [softirq_1]
100007                   D       -       0xfffffe00081f1500  [if_io_tqg_0]
100008                   D       -       0xfffffe00081f1300  [if_io_tqg_1]
100009                   D       -       0xfffffe00081f1100  [if_config_tqg_0]
100010                   D       -       0xfffffe0053dede00  [deferred_unmount ta]
100013                   D       -       0xfffffe0053ded800  [thread taskq]
100015                   D       -       0xfffffe0053ded400  [linuxkpi_irq_wq]
100016                   D       -       0xfffffe0053ded200  [kqueue_ctx taskq]
100017                   D       -       0xfffffe0053ded000  [aiod_kick taskq]
100018                   D       -       0xfffffe0053df7d00  [pci_hp taskq]
100019                   D       -       0xfffffe0053df7b00  [inm_free taskq]
100020                   D       -       0xfffffe0053df7900  [in6m_free taskq]
100021                   D       -       0xfffffe0053df7700  [linuxkpi_short_wq_0]
100022                   D       -       0xfffffe0053df7700  [linuxkpi_short_wq_1]
100023                   D       -       0xfffffe0053df7700  [linuxkpi_short_wq_2]
100024                   D       -       0xfffffe0053df7700  [linuxkpi_short_wq_3]
100025                   D       -       0xfffffe0053df7200  [linuxkpi_long_wq_0]
100026                   D       -       0xfffffe0053df7200  [linuxkpi_long_wq_1]
100027                   D       -       0xfffffe0053df7200  [linuxkpi_long_wq_2]
100028                   D       -       0xfffffe0053df7200  [linuxkpi_long_wq_3]
100037                   D       -       0xfffffe0053e02400  [firmware taskq]
100041                   D       -       0xfffffe0054181500  [crypto_0]
100042                   D       -       0xfffffe0054181500  [crypto_1]
100058                   D       -       0xfffffe0056a57100  [vtnet0 rxq 0]
100059                   D       -       0xfffffe0056a57000  [vtnet0 txq 0]
100060                   D       -       0xfffffe0056ec1e00  [vtnet0 rxq 1]
100061                   D       -       0xfffffe0056ec1d00  [vtnet0 txq 1]
100063                   D       vtbslp  0xfffffe0056fd6e80  [virtio_balloon]
100067                   D       -       0xfffffe0056ff6d00  [mca taskq]
100072                   D       -       0xffffffff82c648e1  [deadlkres]
100077                   D       -       0xfffffe0054181e00  [acpi_task_0]
100078                   D       -       0xfffffe0054181e00  [acpi_task_1]
100079                   D       -       0xfffffe0054181e00  [acpi_task_2]
100080                   D       -       0xfffffe0056a57800  [CAM taskq]
 2900   782  2900     0  Z                                   syz-executor.1
 2906   782  2906     0  Z                                   syz-executor.0
 2911   782  2911     0  Z                                   syz-executor.2
 3015     1  2900     0  Z                                   syz-executor.1
 3032     1   436     0  Z                                   dhclient
 3033     1   436     0  Z                                   dhclient
db> show all locks
Process 3017 (syz-executor.3) thread 0xfffffe0091fd4000 (100131)
exclusive rw vm object (vm object) r = 0 (0xfffffe009c15b000) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_kcov.c:413
Process 3016 (syz-executor.0) thread 0xfffffe0098107ac0 (102758)
exclusive sleep mutex sctp-create (inp_create) r = 0 (0xfffffe009b92f988) locked @ /syzkaller/managers/main/kernel/sys/netinet/sctp_output.c:12639
db> show malloc
              Type        InUse        MemUse     Requests
           pf_hash            5        11524K            5
            devbuf         4216         4338K         4244
          tcp_hpts            6         3201K            6
         sysctloid        34320         2027K        34390
             vtbuf           24         1968K           46
              kobj          326         1304K          485
          vfscache            3         1025K            3
            newblk            3         1025K         6202
               pcb           79          598K         3743
          inodedep           15          518K         1938
         ufs_quota            1          512K            1
          vfs_hash            1          512K            1
           callout            2          512K            2
              intr            4          472K            4
              vmem            3          274K            6
           subproc          139          270K         3116
            acpica         1674          184K        54712
         vnet_data            1          168K            1
           tidhash            3          141K            3
            linker          356          140K          471
           pagedep            9          130K         1629
        tfo_ccache            1          128K            1
            DEVFS1          107          107K          124
               sem            4          106K            4
               bus          984           80K         3475
          mtx_pool            2           72K            2
          syncache            1           68K            1
          acpitask            1           64K            1
       ddb_capture            1           64K            1
            module          509           64K          509
          routetbl         1438           60K         4763
          filedesc            8           57K         3352
              umtx          374           47K          374
           kdtrace          218           44K         5809
               BPF           22           36K          107
              temp           36           35K         4774
         hostcache            1           32K            1
               shm            1           32K            1
            DEVFS3          126           32K          136
               msg            4           30K            4
         sctp_stro           26           26K          762
        gtaskqueue           18           26K           18
            kbdmux            6           22K            6
         sctp_atcl           53           20K         2495
        DEVFS_RULE           56           20K           56
            ifaddr           67           19K          155
         ufs_mount            4           17K            5
              proc            3           17K            3
               tty           16           16K           16
           ithread           99           16K           99
            bus-sc           33           14K         1692
           lltable           43           14K          239
       ether_multi          159           13K          857
            KTRACE          100           13K          100
             ifnet            7           13K            7
              kenv           95           12K           95
      eventhandler          133           12K          133
         CAM queue            5           11K         1528
              GEOM           61           10K          489
              rman           84           10K          425
         in6_multi           77           10K          442
         bmsafemap            2            9K         1814
              UART           12            9K           12
           devstat            4            9K            4
              ksem            1            8K           45
         sctp_timw           32            8K           32
               rpc            2            8K            2
             shmfd            1            8K           18
       pfs_vncache            1            8K            1
         pfs_nodes           20            8K           20
     audit_evclass          236            8K          294
            ip6ndp           34            8K           90
         taskqueue           63            7K           63
            sglist            5            7K            5
           CAM DEV            3            6K          510
            kqueue           62            6K         3067
              cred           23            6K          328
            plimit           22            6K          832
          pf_ifnet           13            5K           34
       ufs_dirhash           24            5K           24
               UMA          270            5K          270
          sctp_ifa           34            5K           90
                vt           11            5K           11
          pf_table            2            4K           15
           memdesc            1            4K            1
               MCA           32            4K           32
             evdev            4            4K            4
           acpisem           28            4K           28
           session           27            4K          118
             hhook           15            4K           17
           pwddesc           53            4K         3037
         sctp_atky           79            4K         3513
            DEVFSP           52            4K          988
       fpukern_ctx            3            3K            3
             lockf           26            3K          171
          terminal           11            3K           11
         proc-args           49            3K         1304
          kcovinfo           43            3K          493
           uidinfo            3            3K           13
             selfd           35            3K        43549
        local_apic            1            2K            1
           io_apic            1            2K            1
         ipsec-saq            2            2K            2
            Unitno           27            2K           47
           CAM XPT           22            2K          543
            select           12            2K          157
            diradd           10            2K         1691
       ipsecpolicy            2            2K            2
          in_multi            5            2K           35
           acpidev           20            2K           20
               msi            9            2K            9
             clone            9            2K            9
               tun            7            2K            7
         sctp_aadr           17            2K          157
           softdep            1            1K            1
            sahead            1            1K            1
          secasvar            1            1K            1
             nhops            6            1K           30
       vnodemarker            2            1K          292
      NFSD session            1            1K            1
        CAM periph            4            1K          271
         sctp_athm           53            1K         2614
          sctp_map           52            1K         1524
             ipsec            3            1K            3
               mld            6            1K            6
              igmp            6            1K            6
         toponodes            6            1K            6
            isadev            6            1K            6
             mount           16            1K           89
          pci_link           10            1K           10
           tcp_fsb           22            1K          178
          sctp_ifn            5            1K           90
            crypto            4            1K           78
 encap_export_host           12            1K           12
       inpcbpolicy           19            1K         1553
              pfil            4            1K            4
              cdev            2            1K            2
               osd           12            1K          661
    chacha20random            1            1K            1
          procdesc            3            1K           42
      NFSD lckfile            1            1K            1
     NFSD V4client            1            1K            1
             DEVFS            9            1K           10
          freefile            2            1K         1652
            vnodes            1            1K            1
           CAM SIM            2            1K            2
              ktls            1            1K            1
            feeder            7            1K            7
           tcpfunc            3            1K            3
        loginclass            3            1K            6
            prison            6            1K            6
       lkpikmalloc            5            1K            6
        aesni_data            2            1K            2
            soname            6            1K         6777
           pf_rule            1            1K           49
            apmdev            1            1K            1
          atkbddev            2            1K            2
     CAM dev queue            2            1K            2
             xform            2            1K          578
 CAM I/O Scheduler            1            1K            1
          CAM path            4            1K         1034
          pmchooks            1            1K            1
          nexusdev            7            1K            7
          sctp_vrf            1            1K            1
          freework            1            1K         2627
              vnet            1            1K            1
           entropy            2            1K           79
          acpiintr            1            1K            1
               pmc            1            1K            1
              cpus            2            1K            2
    vnet_data_free            1            1K            1
           Per-cpu            1            1K            1
          filecaps            2            1K          209
          p1003.1b            1            1K            1
           pf_altq            0            0K            0
           pf_osfp            0            0K            0
           pf_temp            0            0K            0
          chd data            0            0K            0
            mqdata            0            0K            0
          cdg data            0            0K            8
        sctp_mcore            0            0K            0
        sctp_socko            0            0K         1166
         sctp_iter            0            0K          120
         sctp_mvrf            0            0K            0
         sctp_cpal            0            0K            5
         sctp_cmsg            0            0K            0
         sctp_stre            0            0K            0
         sctp_athi            0            0K            0
         sctp_a_it            0            0K          115
         sctp_stri            0            0K          278
        cubic data            0            0K            5
        vegas data            0            0K            0
        dctcp data            0            0K            0
         htcp data            0            0K            0
       NEWdirectio            0            0K            0
        NEWNFSnode            0            0K            0
        madt_table            0            0K            2
          smartpqi            0            0K            0
         NFSCL lck            0            0K            0
      NFSCL lckown            0            0K            0
      NFSCL client            0            0K            0
       NFSCL deleg            0            0K            0
        NFSCL open            0            0K            0
       NFSCL owner            0            0K            0
            NFS fh            0            0K            0
           NFS req            0            0K            0
              iavf            0            0K            0
               ixl            0            0K            0
     NFSD usrgroup            0            0K            0
       NFSD string            0            0K            0
       NFSD V4lock            0            0K            0
      NFSD V4state            0            0K            0
     NFSD srvcache            0            0K            0
        ice-resmgr            0            0K            0
         ice-osdep            0            0K            0
               ice            0            0K            0
             axgbe            0            0K            0
       msdosfs_fat            0            0K            0
     msdosfs_mount            0            0K            0
      msdosfs_node            0            0K            0
            DEVFS4            0            0K            0
            DEVFS2            0            0K            0
          xen_intr            0            0K            0
            gntdev            0            0K            0
       privcmd_dev            0            0K            0
           xen_hvm            0            0K            0
         legacydrv            0            0K            0
            qpidrv            0            0K            0
        evtchn_dev            0            0K            0
          xenstore            0            0K            0
      dmar_idpgtbl            0            0K            0
          dmar_dom            0            0K            0
          dmar_ctx            0            0K            0
         ciss_data            0            0K            0
         BACKLIGHT            0            0K            0
               xnb            0            0K            0
              isci            0            0K            0
      iommu_dmamap            0            0K            0
              xbbd            0            0K            0
     hyperv_socket            0            0K            0
           bxe_ilt            0            0K            0
            xenbus            0            0K            0
               xbd            0            0K            0
           Balloon            0            0K            0
          sysmouse            0            0K            0
     vm_fictitious            0            0K            0
            vtfont            0            0K            0
           ath_hal            0            0K            0
            athdev            0            0K            0
           ata_pci            0            0K            0
           ata_dma            0            0K            0
       ata_generic            0            0K            0
               amr            0            0K            0
            pvscsi            0            0K            0
           scsi_da            0            0K           69
           UMAHash            0            0K            0
            ata_da            0            0K            0
         vm_pgdata            0            0K            0
           jblocks            0            0K            0
          savedino            0            0K         1415
          sentinel            0            0K            0
            jfsync            0            0K            0
            jtrunc            0            0K            0
             sbdep            0            0K          139
           jsegdep            0            0K            0
              jseg            0            0K            0
         jfreefrag            0            0K            0
          jfreeblk            0            0K            0
           jnewblk            0            0K            0
            jmvref            0            0K            0
           jremref            0            0K            0
           jaddref            0            0K            0
           freedep            0            0K            0
         newdirblk            0            0K         1534
            dirrem            0            0K         1655
             mkdir            0            0K         3068
          freeblks            0            0K         1704
          freefrag            0            0K            3
        allocindir            0            0K            0
          indirdep            0            0K          997
       allocdirect            0            0K            0
          ufs_trim            0            0K            0
           mactemp            0            0K            0
     audit_trigger            0            0K            0
 audit_pipe_presel            0            0K            0
     audit_pipeent            0            0K            0
        audit_pipe            0            0K            0
      audit_evname            0            0K            0
         audit_bsm            0            0K            0
      audit_gidset            0            0K            0
        audit_text            0            0K            0
        audit_path            0            0K            0
        audit_data            0            0K            0
        audit_cred            0            0K            0
           scsi_ch            0            0K            0
           scsi_cd            0            0K            0
       AHCI driver            0            0K            0
            USBdev            0            0K            0
               USB            0            0K            0
               agp            0            0K            0
           nvme_da            0            0K            0
          ktls_ocf            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
         MLX5E_TLS            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
            MLX5EN            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          MLX5DUMP            0            0K            0
        MLX5EEPROM            0            0K            0
        MLX5EEPROM            0            0K            0
          seq_file            0            0K            0
             radix            0            0K            0
               idr            0            0K            0
            lkpifw            0            0K            0
               NLM            0            0K            0
    ipsec-spdcache            0            0K            0
         ipsec-reg            0            0K            0
        ipsec-misc            0            0K            0
      ipsecrequest            0            0K            0
            ip6opt            0            0K           12
       ip6_msource            0            0K            0
      ip6_moptions            0            0K            0
       in6_mfilter            0            0K            0
             frag6            0            0K            0
            tcplog            0            0K            0
        tcp_hwpace            0            0K            0
           acpipwr            0            0K            0
         acpi_perf            0            0K            0
               LRO            0            0K            0
      newreno data            0            0K            0
        ip_msource            0            0K            0
       ip_moptions            0            0K            0
        in_mfilter            0            0K            0
              ipid            0            0K            0
         80211scan            0            0K            0
      80211ratectl            0            0K            0
        80211power            0            0K            0
       80211nodeie            0            0K            0
         80211node            0            0K            0
      80211mesh_gt            0            0K            0
      80211mesh_rt            0            0K            0
         80211perr            0            0K            0
         80211prep            0            0K            0
         80211preq            0            0K            0
          80211dfs            0            0K            0
       80211crypto            0            0K            0
          80211vap            0            0K            0
             iflib            0            0K            0
              vlan            0            0K            0
               gif            0            0K            0
           ifdescr            0            0K            0
              zlib            0            0K            0
           fadvise            0            0K            0
           VN POLL            0            0K            0
            twsbuf            0            0K            0
            statfs            0            0K         1699
     namei_tracker            0            0K            5
       export_host            0            0K            0
        cl_savebuf            0            0K           48
      twe_commands            0            0K            0
      twa_commands            0            0K            0
       tcp_log_dev            0            0K           53
      midi buffers            0            0K            0
             mixer            0            0K            0
              ac97            0            0K            0
             hdacc            0            0K            0
              hdac            0            0K            0
              hdaa            0            0K            0
         acpicmbat            0            0K            0
       SIIS driver            0            0K            0
           CAM CCB            0            0K        11317
               PUC            0            0K            0
          ppbusdev            0            0K            0
agtiapi_MemAlloc malloc            0            0K            0
            biobuf            0            0K            0
              aios            0            0K           11
               lio            0            0K            0
               acl            0            0K            0
    osti_cacheable            0            0K            0
          mbuf_tag            0            0K         1072
          tempbuff            0            0K            0
          tempbuff            0            0K            0
ag_tgt_map_t malloc            0            0K            0
ag_slr_map_t malloc            0            0K            0
lDevFlags * malloc            0            0K            0
tiDeviceHandle_t * malloc            0            0K            0
ag_portal_data_t malloc            0            0K            0
ag_device_t malloc            0            0K            0
     STLock malloc            0            0K            0
          CCB List            0            0K            0
            sr_iov            0            0K            0
               OCS            0            0K            0
               OCS            0            0K            0
              nvme            0            0K            0
               nvd            0            0K            0
            netmap            0            0K            0
            mwldev            0            0K            0
        MVS driver            0            0K            0
     CAM ccb queue            0            0K            0
          mrsasbuf            0            0K            0
          mpt_user            0            0K            0
          mps_user            0            0K            0
              accf            0            0K            0
               pts            0            0K            0
               iov            0            0K        25281
          ioctlops            0            0K          387
           eventfd            0            0K            0
           Witness            0            0K            0
             stack            0            0K            0
            MPSSAS            0            0K            0
               mps            0            0K            0
          mpr_user            0            0K            0
            MPRSAS            0            0K            0
               mpr            0            0K            0
            mfibuf            0            0K            0
              sbuf            0            0K          288
        md_sectors            0            0K            0
          firmware            0            0K            0
        compressor            0            0K            0
           md_disk            0            0K            0
              SWAP            0            0K            0
           malodev            0            0K            0
               LED            0            0K            0
         sysctltmp            0            0K         1631
            sysctl            0            0K            3
              ekcd            0            0K            0
            dumper            0            0K            0
          sendfile            0            0K            0
              rctl            0            0K            0
          ix_sriov            0            0K            0
        aacraidcam            0            0K            0
       aacraid_buf            0            0K            0
                ix            0            0K            0
            ipsbuf            0            0K            0
             cache            0            0K            0
            iirbuf            0            0K            0
      prison_racct            0            0K            0
       Fail Points            0            0K            0
             sigio            0            0K            1
filedesc_to_leader            0            0K            0
               pwd            0            0K            0
       tty console            0            0K            0
            aaccam            0            0K            0
            aacbuf            0            0K            0
              zstd            0            0K            0
            XZ_DEC            0            0K            0
            nvlist            0            0K            0
          SCSI ENC            0            0K            0
           SCSI sa            0            0K            0
         scsi_pass            0            0K            0
        isofs_node            0            0K            0
       isofs_mount            0            0K            0
     tr_raid5_data            0            0K            0
    tr_raid1e_data            0            0K            0
     tr_raid1_data            0            0K            0
     tr_raid0_data            0            0K            0
    tr_concat_data            0            0K            0
       md_sii_data            0            0K            0
   md_promise_data            0            0K            0
    md_nvidia_data            0            0K            0
   md_jmicron_data            0            0K            0
     md_intel_data            0            0K            0
       md_ddf_data            0            0K            0
         raid_data            0            0K           72
     geom_flashmap            0            0K            0
         tmpfs dir            0            0K            0
        tmpfs name            0            0K            0
       tmpfs mount            0            0K            0
           NFS FHA            0            0K            0
         newnfsmnt            0            0K            0
  newnfsclient_req            0            0K            0
   NFSCL layrecall            0            0K            0
     NFSCL session            0            0K            0
     NFSCL sockreq            0            0K            0
     NFSCL devinfo            0            0K            0
     NFSCL flayout            0            0K            0
      NFSCL layout            0            0K            0
     NFSD rollback            0            0K            0
      NFSCL diroff            0            0K            0
db> show uma
              Zone   Size    Used    Free    Requests  Sleeps  Bucket  Total Mem    XFree
   mbuf_jumbo_page   4096    8325    4767      379130       0     254   53624832        0
           tcp_log    416       0   12438      101791       0     254    5174208        0
              mbuf    256    8766    5649     1111699       0     254    3690240        0
              pbuf   2624       0     762           0       0       2    1999488        0
          BUF TRIE    144     353   11407        8824       0      62    1693440        0
        RADIX NODE    144    9259    2188      194950       0      63    1648368        0
       UMA Slabs 0    112   14467       2       14467       0     126    1620528        0
        malloc-384    384    4117      13        4128       0      30    1585920        0
        malloc-128    128   11311     159       17470       0     126    1468160        0
       malloc-4096   4096     346       1         517       0       2    1421312        0
         vmem btag     56   22360     151       22523       0     254    1260616        0
      mbuf_cluster   2048     570       2         570       0     254    1171456        0
    ertt_txseginfo     40       0   26967      474375       0     254    1078680        0
        256 Bucket   2048     328      14       20900       0       8     700416        0
         FFS inode   1160     513      40        2165       0       8     641480        0
       tcp_bbr_map    128       0    4495      128497       0     126     575360        0
         VM OBJECT    264    1141     269       49331       0      30     372240        0
            lkpimm    160       1    2324           1       0      62     372000        0
          lkpicurr    160       2    2323           2       0      62     372000        0
            THREAD   1808     157      30        2771       0       8     338096        0
       malloc-2048   2048      35     119       12889       0       8     315392        0
       malloc-4096   4096      63       8        5360       0       2     290816        0
             VNODE    448     551      97        2205       0      30     290304        0
         malloc-64     64    3880     341       48007       0     254     270144        0
      malloc-65536  65536       4       0           4       0       1     262144        0
      malloc-32768  32768       1       6         910       0       1     229376        0
         malloc-16     16   13994     256       14695       0     254     228000        0
            DEVCTL   1024      89     131         403       0       0     225280        0
         malloc-32     32    6712      92        6804       0     254     217728        0
      malloc-16384  16384       4       9        1662       0       1     212992        0
        malloc-256    256     196     614        6773       0      62     207360        0
      malloc-65536  65536       0       3         141       0       1     196608        0
      malloc-65536  65536       3       0           3       0       1     196608        0
         MAP ENTRY     96    1259     715      177730       0     126     189504        0
         UMA Zones    768     242       2         242       0      16     187392        0
         sctp_asoc   2288      26      54         762       0     254     183040        0
        malloc-128    128    1169      71       25781       0     126     158720        0
       mbuf_packet    256      54     516       10481       0     254     145920        0
        128 Bucket   1024     104      35        2545       0      16     142336        0
       FFS2 dinode    256     513      42        2165       0      62     142080        0
       S VFS Cache    104    1028     298        2904       0     126     137904        0
        malloc-128    128     654     400        5677       0     126     134912        0
        malloc-256    256     283     242       12406       0      62     134400        0
      malloc-65536  65536       0       2           8       0       1     131072        0
      malloc-65536  65536       0       2         568       0       1     131072        0
       malloc-1024   1024     124       4         141       0      16     131072        0
           VMSPACE   2544      31      20        3015       0       4     129744        0
            clpbuf   2624       0      48         774       0      16     125952        0
          ksiginfo    112      63     981        1734       0     126     116928        0
       malloc-2048   2048      10      44         517       0       8     110592        0
              PROC   1336      59      19        3036       0       8     104208        0
       malloc-8192   8192       7       4          36       0       1      90112        0
         filedesc0   1072      54      30        3037       0       8      90048        0
          UMA Kegs    384     227       6         227       0      30      89472        0
           sctp_ep   1280      27      42        1564       0     254      88320        0
       malloc-4096   4096       9      12          51       0       2      86016        0
            socket    944      43      45        4785       0     254      83072        0
             g_bio    408       0     200       34216       0      30      81600        0
        malloc-384    384      32     158        2352       0      30      72960        0
        malloc-128    128     485      73        2212       0     126      71424        0
      malloc-65536  65536       1       0           1       0       1      65536        0
      malloc-65536  65536       1       0           1       0       1      65536        0
      malloc-32768  32768       0       2           8       0       1      65536        0
      malloc-32768  32768       0       2         130       0       1      65536        0
       malloc-1024   1024      29      35         939       0      16      65536        0
        sctp_raddr    736      26      62         912       0     254      64768        0
         64 Bucket    512      74      46       12763       0      30      61440        0
         32 Bucket    256      69     141       32971       0      62      53760        0
        malloc-384    384      54      76        2510       0      30      49920        0
        malloc-256    256     136      59        4455       0      62      49920        0
      malloc-16384  16384       3       0           3       0       1      49152        0
      malloc-16384  16384       3       0          18       0       1      49152        0
       malloc-8192   8192       6       0           6       0       1      49152        0
         malloc-64     64     580     176        3550       0     254      48384        0
       malloc-1024   1024       9      35         594       0      16      45056        0
        malloc-128    128     309      32         507       0     126      43648        0
        malloc-384    384      72      38         268       0      30      42240        0
           DIRHASH   1024      34       6          34       0      16      40960        0
       malloc-8192   8192       4       1         105       0       1      40960        0
       malloc-4096   4096       4       6          34       0       2      40960        0
            pcpu-8      8    4711     409        5810       0     254      40960        0
         malloc-64     64     510     120        3756       0     254      40320        0
             tcpcb   1080       8      27         650       0     254      37800        0
              pipe    744      17      33         740       0      16      37200        0
             NAMEI   1024       0      36       31689       0      16      36864        0
       malloc-4096   4096       3       6         158       0       2      36864        0
       malloc-2048   2048       6      12         308       0       8      36864        0
        malloc-384    384      79      11         426       0      30      34560        0
      malloc-32768  32768       1       0           1       0       1      32768        0
      malloc-32768  32768       1       0           1       0       1      32768        0
      malloc-16384  16384       0       2         160       0       1      32768        0
       malloc-8192   8192       4       0           4       0       1      32768        0
           pcpu-64     64     487      25         487       0     254      32768        0
         tcp_inpcb    496       8      56         650       0     254      31744        0
         TURNSTILE    136     188      22         188       0      62      28560        0
         malloc-64     64     143     298        6771       0     254      28224        0
         malloc-64     64     313     128         778       0     254      28224        0
             KNOTE    160      14     161       41306       0      62      28000        0
            ttyinq    160     135      40         300       0      62      28000        0
             Files     80     177     173       19781       0     126      28000        0
          8 Bucket     80      65     285        1807       0     126      28000        0
        malloc-128    128     130      87         939       0     126      27776        0
        malloc-384    384      54      16         167       0      30      26880        0
        malloc-256    256      50      55        1608       0      62      26880        0
       malloc-2048   2048       6       6         226       0       8      24576        0
       malloc-1024   1024      15       9          98       0      16      24576        0
        sctp_chunk    152      25     131        1194       0     254      23712        0
           ttyoutq    256      72      18         160       0      62      23040        0
        malloc-256    256      37      53        1897       0      62      23040        0
      tcp_rack_pcb    832       0      27         156       0      16      22464        0
       tcp_bbr_pcb    832       4      23         317       0      16      22464        0
               PWD     32      14     616        1644       0     254      20160        0
         malloc-64     64     122     193        1351       0     254      20160        0
         udp_inpcb    496       7      33         546       0     254      19840        0
        SLEEPQUEUE     88     188      36         188       0     126      19712        0
       Mountpoints   2752       2       5           2       0       4      19264        0
      malloc-16384  16384       1       0           1       0       1      16384        0
       malloc-8192   8192       1       1           3       0       1      16384        0
       malloc-8192   8192       2       0           2       0       1      16384        0
       malloc-2048   2048       3       5          63       0       8      16384        0
       malloc-1024   1024       9       7          10       0      16      16384        0
        malloc-512    512       3      29         301       0      30      16384        0
        malloc-512    512      12      20         349       0      30      16384        0
         malloc-64     64     102     150       23892       0     254      16128        0
         16 Bucket    144      61      51         580       0      62      16128        0
      vtnet_tx_hdr     24       0     668      425818       0     254      16032        0
     udplite_inpcb    496       2      30         333       0     254      15872        0
        malloc-128    128      73      51        1764       0     126      15872        0
     routing nhops    256      22      38         169       0      62      15360        0
        malloc-384    384      22      18          30       0      30      15360        0
        malloc-256    256      17      43         582       0      62      15360        0
       malloc-2048   2048       2       4         193       0       8      12288        0
       malloc-1024   1024       7       5           7       0      16      12288        0
           rtentry    176      28      41         169       0      62      12144        0
         malloc-32     32     245     133         363       0     254      12096        0
         malloc-32     32      87     291        3686       0     254      12096        0
         malloc-32     32      56     322        2759       0     254      12096        0
          2 Bucket     32      76     302         931       0     254      12096        0
         malloc-16     16     327     423       27844       0     254      12000        0
              kenv    258      15      30        1084       0      30      11610        0
             unpcb    256      18      27        1547       0     254      11520        0
       malloc-8192   8192       1       0           1       0       1       8192        0
       malloc-4096   4096       1       1           2       0       2       8192        0
       malloc-4096   4096       0       2           5       0       2       8192        0
       malloc-2048   2048       2       2           2       0       8       8192        0
       malloc-2048   2048       1       3          41       0       8       8192        0
       malloc-1024   1024       3       5        2392       0      16       8192        0
        malloc-512    512       5      11          30       0      30       8192        0
        malloc-512    512       0      16         118       0      30       8192        0
        malloc-512    512       4      12           4       0      30       8192        0
        malloc-512    512       0      16          14       0      30       8192        0
              PGRP     88      27      65         118       0     126       8096        0
          rl_entry     40      81     121          81       0     254       8080        0
sctp_stream_msg_out    112       6      66         246       0     254       8064        0
        sctp_laddr     48       0     168         892       0     254       8064        0
      tcp_rack_map    112       0      72         278       0     126       8064        0
             udpcb     32       9     243         879       0     254       8064        0
              ertt     72       8     104         650       0     126       8064        0
         malloc-64     64      37      89         497       0     254       8064        0
         malloc-32     32     101     151        1271       0     254       8064        0
         malloc-32     32      38     214         806       0     254       8064        0
         malloc-32     32      51     201         214       0     254       8064        0
         malloc-32     32     111     141        5430       0     254       8064        0
          4 Bucket     48       8     160          97       0     254       8064        0
         malloc-16     16       7     493          50       0     254       8000        0
         malloc-16     16      24     476         843       0     254       8000        0
         malloc-16     16      55     445        2515       0     254       8000        0
         malloc-16     16     199     301        2256       0     254       8000        0
         malloc-16     16      38     462         139       0     254       8000        0
         malloc-16     16      88     412        1648       0     254       8000        0
             ripcb    496       2      14          24       0     254       7936        0
        malloc-128    128      26      36          90       0     126       7936        0
        sctp_readq    152       0      52         172       0     254       7904        0
           cryptop    280       0      28          16       0      30       7840        0
        malloc-256    256      17      13          78       0      62       7680        0
        malloc-256    256      11      19         979       0      62       7680        0
     FPU_save_area    832       1       8           1       0      16       7488        0
            cpuset    104       7      55           7       0     126       6448        0
 epoch_record pcpu    256       4      12           4       0      62       4096        0
        malloc-512    512       0       8           2       0      30       4096        0
           pcpu-16     16       7     249           7       0     254       4096        0
   sctp_asconf_ack     48       0      84           7       0     254       4032        0
         hostcache     64       1      62           1       0     254       4032        0
          syncache    168       0      24           4       0     254       4032        0
       UMA Slabs 1    176       9      13           9       0      62       3872        0
        malloc-384    384       1       9           2       0      30       3840        0
            mqnode    416       3       6           3       0      30       3744        0
        KMAP ENTRY     96      12      27          14       0       0       3744        0
              vmem   1856       1       1           1       0       8       3712        0
           SMR CPU     32       3      60           3       0     254       2016        0
        SMR SHARED     24       3      60           3       0     254       1512        0
       FFS1 dinode    128       0       0           0       0     126          0        0
            da_ccb    544       0       0           0       0      16          0        0
           ada_ccb    272       0       0           0       0      30          0        0
             swblk    136       0       0           0       0      62          0        0
          swpctrie    144       0       0           0       0      62          0        0
   cdg_qdiffsample     16       0       0           0       0     254          0        0
       sctp_asconf     40       0       0           0       0     254          0        0
   pf state scrubs     40       0       0           0       0     254          0        0
   pf frag entries     40       0       0           0       0     254          0        0
          pf frags    248       0       0           0       0      62          0        0
  pf table entries    160       0       0           0       0      62          0        0
pf table entry counters     64       0       0           0       0     254          0        0
   pf source nodes    136       0       0           0       0     254          0        0
     pf state keys     88       0       0           0       0     126          0        0
         pf states    312       0       0           0       0     254          0        0
           pf tags    104       0       0           0       0     126          0        0
          pf mtags     48       0       0           0       0     254          0        0
      tcp_log_node    120       0       0           0       0     126          0        0
    tcp_log_bucket    176       0       0           0       0      62          0        0
          tcpreass     48       0       0           0       0     254          0        0
tfo_ccache_entries     80       0       0           0       0     126          0        0
               tfo      4       0       0           0       0     254          0        0
          sackhole     32       0       0           0       0     254          0        0
             tcptw     88       0       0           0       0     254          0        0
               ipq     56       0       0           0       0     254          0        0
    IPsec SA lft_c     16       0       0           0       0     254          0        0
            itimer    352       0       0           0       0      30          0        0
            AIOLIO    272       0       0           0       0      30          0        0
             AIOCB    552       0       0           0       0      16          0        0
              AIOP     32       0       0           0       0     254          0        0
               AIO    208       0       0           0       0      62          0        0
        mqnotifier    216       0       0           0       0      62          0        0
            mvdata     64       0       0           0       0     254          0        0
            mqueue    248       0       0           0       0      62          0        0
           NCLNODE    592       0       0           0       0      16          0        0
        TMPFS node    224       0       0           0       0      62          0        0
     LTS VFS Cache    360       0       0           0       0      30          0        0
       L VFS Cache    320       0       0           0       0      30          0        0
     STS VFS Cache    144       0       0           0       0      62          0        0
  linux_dma_object     24       0       0           0       0     254          0        0
  linux_dma_pctrie    144       0       0           0       0      62          0        0
   IOMMU_MAP_ENTRY    120       0       0           0       0     126          0        0
      ktls_session    192       0       0           0       0      62          0        0
    mbuf_jumbo_16k  16384       0       0           0       0     254          0        0
     mbuf_jumbo_9k   9216       0       0           0       0     254          0        0
      audit_record   1280       0       0           0       0       8          0        0
         domainset     40       0       0           0       0     254          0        0
        MAC labels     40       0       0           0       0     254          0        0
            vnpbuf   2624       0       0           0       0      64          0        0
            mdpbuf   2624       0       0           0       0       3          0        0
           nfspbuf   2624       0       0           0       0      16          0        0
            swwbuf   2624       0       0           0       0       8          0        0
            swrbuf   2624       0       0           0       0      16          0        0
          umtx_shm     88       0       0           0       0     126          0        0
           umtx pi     96       0       0           0       0     126          0        0
rangeset pctrie nodes    144       0       0           0       0      62          0        0
      malloc-65536  65536       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-32768  32768       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
      malloc-16384  16384       0       0           0       0       1          0        0
       malloc-8192   8192       0       0           0       0       1          0        0
       malloc-4096   4096       0       0           0       0       2          0        0
       malloc-1024   1024       0       0           0       0      16          0        0
        malloc-512    512       0       0           0       0      30          0        0
           pcpu-32     32       0       0           0       0     254          0        0
            pcpu-4      4       0       0           0       0     254          0        0
            fakepg    104       0       0           0       0     126          0        0
          UMA Hash    256       0       0           0       0      62          0        0

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2021/07/30 19:36 freebsd-src 0943200b1308 6c236867 console log report panic: ASan: Invalid access, 1-byte read in udp6_common_ctlinput
* Struck through repros no longer work on HEAD.