panic: allocdirect_merge: old blkno ADDR != new ADDR || old size 4096 != new NUM


syzbot

Apr 4, 2020, 5:25:12 AM4/4/20
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 50e8f4b1 Fix typo
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=124eccafe00000
dashboard link: https://syzkaller.appspot.com/bug?extid=3964e568a13f4beea072

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3964e5...@syzkaller.appspotmail.com

login: panic: allocdirect_merge: old blkno 409736 != new 409736 || old size 4096 != new 32768
cpuid = 0
time = 1585992245
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ae03b0
vpanic() at vpanic+0x1c7/frame 0xfffffe0024ae0410
panic() at panic+0x43/frame 0xfffffe0024ae0470
allocdirect_merge() at allocdirect_merge+0x2c4/frame 0xfffffe0024ae04d0
merge_inode_lists() at merge_inode_lists+0x177/frame 0xfffffe0024ae0520
softdep_update_inodeblock() at softdep_update_inodeblock+0x374/frame 0xfffffe0024ae0580
ffs_update() at ffs_update+0x309/frame 0xfffffe0024ae0620
ffs_truncate() at ffs_truncate+0x7b1/frame 0xfffffe0024ae0810
ufs_setattr() at ufs_setattr+0x91e/frame 0xfffffe0024ae08b0
VOP_SETATTR_APV() at VOP_SETATTR_APV+0x75/frame 0xfffffe0024ae08e0
vn_truncate_locked() at vn_truncate_locked+0xb6/frame 0xfffffe0024ae09f0
vn_truncate() at vn_truncate+0x1d1/frame 0xfffffe0024ae0a70
kern_ftruncate() at kern_ftruncate+0x151/frame 0xfffffe0024ae0ac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0024ae0bf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024ae0bf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41332a, rsp = 0x7fffdfffdf38, rbp = 0x2 ---
KDB: enter: panic
[ thread pid 918 tid 100316 ]
Stopped at kdb_enter+0x67: movq $0,0x146ea36(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0xfffffe0025200000
rdx 0x3ffff
rbx 0
rsp 0xfffffe0024ae0390
rbp 0xfffffe0024ae03b0
rsi 0x40001
rdi 0xffffffff810b3586 vprintf+0x176
r8 0
r9 0xffffffff
r10 0x6
r11 0x31e4fe
r12 0xffffffff82068e50 ddb_dbbe
r13 0
r14 0xffffffff81932d3e
r15 0xffffffff81932d3e
rip 0xffffffff810a8847 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x146ea36(%rip)
db> show proc
Process 918 (syz-executor.0) at 0xfffff8000b553a50:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 768 at 0xfffff8000b1de000
ABI: FreeBSD ELF64
arguments: /root/syz-executor.0
reaper: 0xfffff8000330c000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe000498e000
(map 0xfffffe000498e000)
(map.pmap 0xfffffe000498e0c0)
(pmap 0xfffffe000498e120)
threads: 4
100117 Run CPU 1 syz-executor.0
100316 Run CPU 0 syz-executor.0
100318 D ufs 0xfffff80003c45620 syz-executor.0
100321 S uwait 0xfffff80003a53800 syz-executor.0
db> ps
pid ppid pgrp uid state wmesg wchan cmd
920 771 771 0 R (threaded) syz-executor.2
100106 RunQ syz-executor.2
100320 S sbwait 0xfffffe0003dd61d4 syz-executor.2
100323 S sbwait 0xfffffe0003da5704 syz-executor.2
919 773 773 0 R (threaded) syz-executor.3
100131 RunQ syz-executor.3
100317 S accept 0xfffffe0003dd6f88 syz-executor.3
100319 S sbwait 0xfffffe0003dd5704 syz-executor.3
100322 S uwait 0xfffff80003a53e00 syz-executor.3
918 768 768 0 R (threaded) syz-executor.0
100117 Run CPU 1 syz-executor.0
100316 Run CPU 0 syz-executor.0
100318 D ufs 0xfffff80003c45620 syz-executor.0
100321 S uwait 0xfffff80003a53800 syz-executor.0
917 769 769 0 S (threaded) syz-executor.1
100080 S nanslp 0xffffffff824ffe81 syz-executor.1
100310 S sbwait 0xfffffe0003dda1d4 syz-executor.1
100312 S uwait 0xfffff80003a53f00 syz-executor.1
100313 S uwait 0xfffff80003a53000 syz-executor.1
100315 S uwait 0xfffff80003a53900 syz-executor.1
869 1 869 0 Ss select 0xfffff800030ee6c0 rtsol
868 1 868 0 Ss select 0xfffff800038222c0 rtsol
867 1 867 0 Ss select 0xfffff800030ee740 rtsol
864 784 422 0 S kqread 0xfffff80003a48800 rtsol
784 775 422 0 S wait 0xfffff80003c80528 sh
775 422 422 0 S wait 0xfffff80003d29a50 sh
773 766 773 0 Ss nanslp 0xffffffff824ffe80 syz-executor.3
771 766 771 0 Ss nanslp 0xffffffff824ffe81 syz-executor.2
769 766 769 0 Rs syz-executor.1
768 766 768 0 Ss nanslp 0xffffffff824ffe80 syz-executor.0
766 764 764 0 S (threaded) syz-fuzzer
100078 S uwait 0xfffff800037fe280 syz-fuzzer
100107 S uwait 0xfffff8000330fd80 syz-fuzzer
100108 S uwait 0xfffff8000330fe80 syz-fuzzer
100109 S kqread 0xfffff80003c41e00 syz-fuzzer
100110 S uwait 0xfffff80003a56780 syz-fuzzer
100111 S uwait 0xfffff80003a56880 syz-fuzzer
100112 S uwait 0xfffff800037fc100 syz-fuzzer
100113 S uwait 0xfffff800037fb200 syz-fuzzer
100114 S uwait 0xfffff800037fc200 syz-fuzzer
100115 S uwait 0xfffff8000330f680 syz-fuzzer
100116 S uwait 0xfffff800037fc300 syz-fuzzer
764 762 764 0 Ss pause 0xfffff8000b1bf5d0 csh
762 680 762 0 Ss select 0xfffff800030ef1c0 sshd
746 1 746 0 Ss+ ttyin 0xfffff8000380dcb0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b250b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b254b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b258b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003b25cb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003b280b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003b284b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003b288b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003b28cb0 getty
737 734 22 0 S+ nanslp 0xffffffff824ffe81 sleep
735 1 22 0 S+ piperd 0xfffff80003c7f2f8 logger
734 1 22 0 S+ wait 0xfffff80003d23a50 sh
684 1 684 0 Ss nanslp 0xffffffff824ffe80 cron
680 1 680 0 Ss select 0xfffff80003821840 sshd
493 1 493 0 Ss select 0xfffff800038219c0 syslogd
422 1 422 0 Ss wait 0xfffff80003d23000 devd
421 1 421 65 Ss select 0xfffff800030ef540 dhclient
336 1 336 0 Ss select 0xfffff80003821ac0 dhclient
333 1 333 0 Ss select 0xfffff80003821940 dhclient
21 0 0 0 DL syncer 0xffffffff825d6318 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003afa000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5818 [bufdaemon]
100070 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100081 D sdflush 0xfffff80003c97ce8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f1188 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261d058 [dom0]
100068 D launds 0xffffffff8261d064 [laundry: dom0]
100069 D umarcl 0xffffffff81536ab0 [uma]
16 0 0 0 DL - 0xffffffff8235a6b0 [rand_harvestq]
15 0 0 0 DL waiting 0xffffffff82662620 [sctp_iterator]
9 0 0 0 DL - 0xffffffff825d521c [soaiod4]
8 0 0 0 DL - 0xffffffff825d521c [soaiod3]
7 0 0 0 DL - 0xffffffff825d521c [soaiod2]
6 0 0 0 DL - 0xffffffff825d521c [soaiod1]
5 0 0 0 DL (threaded) [cam]
100031 D - 0xffffffff82235ac0 [doneq0]
100062 D - 0xffffffff82235988 [scanner]
4 0 0 0 DL crypto_ 0xfffff8000320be90 [crypto returns 1]
3 0 0 0 DL crypto_ 0xfffff8000320be30 [crypto returns 0]
2 0 0 0 DL crypto_ 0xffffffff825eb250 [crypto]
14 0 0 0 DL seqstat 0xfffff80003364488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100022 D - 0xffffffff8261b688 [g_event]
100023 D - 0xffffffff8261b698 [g_up]
100024 D - 0xffffffff8261b690 [g_down]
12 0 0 0 WL (threaded) [intr]
100010 I [swi6: Giant taskq]
100012 I [swi5: fast taskq]
100016 I [swi6: task queue]
100017 I [swi3: vm]
100018 I [swi4: clock (0)]
100019 I [swi4: clock (1)]
100020 I [swi1: netisr 0]
100032 I [irq24: virtio_pci0]
100033 I [irq25: virtio_pci0]
100034 I [irq26: virtio_pci0]
100035 I [irq27: virtio_pci0]
100036 I [irq28: virtio_pci1]
100037 I [irq29: virtio_pci1]
100038 I [irq30: virtio_pci1]
100039 I [irq31: virtio_pci1]
100040 I [irq32: virtio_pci1]
100045 I [irq10: virtio_pci2]
100047 I [irq1: atkbd0]
100048 I [irq12: psm0]
100049 I [swi0: uart uart++]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff8000330c000 [init]
10 0 0 0 DL audit_w 0xffffffff826631a8 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8260ad08 [swapper]
100005 D - 0xfffff80003215b00 [if_config_tqg_0]
100006 D - 0xfffff80003215900 [softirq_0]
100007 D - 0xfffff80003215700 [softirq_1]
100008 D - 0xfffff80003215500 [if_io_tqg_0]
100009 D - 0xfffff80003215300 [if_io_tqg_1]
100011 D - 0xfffff800031fad00 [thread taskq]
100013 D - 0xfffff800031fab00 [in6m_free taskq]
100014 D - 0xfffff800031faa00 [aiod_kick taskq]
100015 D - 0xfffff800031fa900 [kqueue_ctx taskq]
100021 D - 0xfffff800031fa700 [firmware taskq]
100026 D - 0xfffff800031fa500 [crypto_0]
100027 D - 0xfffff800031fa500 [crypto_1]
100041 D - 0xfffff800031f7a00 [vtnet0 rxq 0]
100042 D - 0xfffff800031f7900 [vtnet0 txq 0]
100043 D - 0xfffff800031f7800 [vtnet0 rxq 1]
100044 D - 0xfffff800031f7700 [vtnet0 txq 1]
100046 D vtbslp 0xfffff800037f3800 [virtio_balloon]
100050 D - 0xfffff8000381e200 [mca taskq]
100055 D - 0xffffffff81cd60c1 [deadlkres]
100057 D - 0xfffff80003b24900 [acpi_task_0]
100058 D - 0xfffff80003b24900 [acpi_task_1]
100059 D - 0xfffff80003b24900 [acpi_task_2]
100061 D - 0xfffff800031fa200 [CAM taskq]
db> show all locks
Process 918 (syz-executor.0) thread 0xfffffe0024965700 (100117)
exclusive sleep mutex umtxql (umtxql) r = 0 (0xffffffff8250ece0) locked @ /syzkaller/managers/main/kernel/sys/kern/kern_umtx.c:512
Process 918 (syz-executor.0) thread 0xfffffe0024c4fa00 (100316)
exclusive rw per-fs softdep (per-fs softdep) r = 0 (0xfffff80003c97c00) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:12362
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e46500) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3878
exclusive lockmgr ufs (ufs) r = 0 (0xfffff80003c45620) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1318
Process 918 (syz-executor.0) thread 0xfffffe0024c44c00 (100318)
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8000b470dc0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_lookup.c:737
Process 917 (syz-executor.1) thread 0xfffffe0024c44500 (100310)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe0003dda178) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:419
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 25931 1511K 25995
kobj 332 1328K 488
newblk 561 1164K 663
vfscache 4 1025K 4
inodedep 70 547K 162
pcb 27 537K 180
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 125 266K 988
acpica 1674 185K 52709
vnet_data 1 168K 1
filedesc 21 149K 183
pagedep 26 135K 87
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 222 89K 253
bus 992 79K 3374
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
umtx 306 39K 306
kdtrace 188 37K 2104
hostcache 1 32K 1
shm 1 32K 1
DEVFS3 124 31K 134
msg 4 30K 4
DEVFS_RULE 56 27K 56
gtaskqueue 18 26K 18
ifaddr 70 23K 72
vmem 3 22K 4
kbdmux 6 22K 6
BPF 14 19K 14
lltable 47 18K 47
temp 34 17K 1821
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 89 15K 89
ether_multi 172 14K 177
bus-sc 30 14K 1431
KTRACE 100 13K 100
ifnet 7 13K 7
kenv 95 12K 99
in6_multi 89 11K 89
eventhandler 122 11K 122
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 3 9K 130
kqueue 62 9K 927
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
routetbl 57 8K 61
audit_evclass 232 8K 290
diradd 49 7K 130
CAM DEV 3 6K 510
cred 22 6K 196
vt 11 6K 11
plimit 21 6K 333
sglist 5 6K 5
CAM queue 5 6K 1528
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
dirrem 18 5K 98
DEVFSP 70 5K 74
memdesc 1 4K 1
MCA 32 4K 32
CAM CCB 2 4K 1841
sctp_timw 16 4K 16
evdev 4 4K 4
kcovinfo 64 4K 68
UMA 235 4K 235
session 27 4K 36
pgrp 27 4K 36
indirdep 13 4K 16
hhook 13 4K 13
acpisem 22 3K 22
terminal 11 3K 11
proc-args 49 3K 536
mkdir 21 3K 154
select 18 3K 18
uidinfo 3 3K 7
sctp_ifa 17 3K 17
local_apic 1 2K 1
io_apic 1 2K 1
newdirblk 16 2K 77
ipsec-saq 2 2K 2
ip6ndp 12 2K 21
CAM XPT 22 2K 543
Unitno 27 2K 45
lockf 15 2K 22
in_multi 6 2K 7
acpidev 20 2K 20
msi 9 2K 9
tun 7 2K 7
softdep 1 1K 1
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 6
NFSD session 1 1K 1
CAM periph 4 1K 271
mld 6 1K 6
sctp_ifn 6 1K 6
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
inpcbpolicy 20 1K 401
crypto 3 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
freework 2 1K 83
freeblks 1 1K 82
vnodes 1 1K 14
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 6
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
freefile 1 1K 79
pmchooks 1 1K 1
prison 4 1K 4
soname 4 1K 5736
filecaps 4 1K 78
nexusdev 5 1K 5
entropy 2 1K 37
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
iov 1 1K 13523
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
ath_hal 0 0K 0
athdev 0 0K 0
madt_table 0 0K 2
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
UMAHash 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 17
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 2
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 5
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 5
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 59
sctp_iter 0 0K 7
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 68
sctp_atky 0 0K 88
sctp_atcl 0 0K 68
sctp_a_it 0 0K 7
sctp_aadr 0 0K 0
sctp_stro 0 0K 20
sctp_stri 0 0K 0
sctp_map 0 0K 40
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
statfs 0 0K 251
export_host 0 0K 0
cl_savebuf 0 0K 2
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 149
accf 0 0K 0
pts 0 0K 0
ioctlops 0 0K 99
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 568
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
db> show ktr
No such command; use "help" to list available commands


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 4, 2020, 7:35:14 AM4/4/20
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 50e8f4b1 Fix typo
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15d9d71fe00000
dashboard link: https://syzkaller.appspot.com/bug?extid=3964e568a13f4beea072
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12b9a4b3e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13e5c643e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3964e5...@syzkaller.appspotmail.com

login: panic: allocdirect_merge: old blkno 406184 != new 406184 || old size 4096 != new 32768
cpuid = 0
time = 1585999950
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024a683b0
vpanic() at vpanic+0x1c7/frame 0xfffffe0024a68410
panic() at panic+0x43/frame 0xfffffe0024a68470
allocdirect_merge() at allocdirect_merge+0x2c4/frame 0xfffffe0024a684d0
merge_inode_lists() at merge_inode_lists+0x177/frame 0xfffffe0024a68520
softdep_update_inodeblock() at softdep_update_inodeblock+0x374/frame 0xfffffe0024a68580
ffs_update() at ffs_update+0x309/frame 0xfffffe0024a68620
ffs_truncate() at ffs_truncate+0x7b1/frame 0xfffffe0024a68810
ufs_setattr() at ufs_setattr+0x91e/frame 0xfffffe0024a688b0
VOP_SETATTR_APV() at VOP_SETATTR_APV+0x75/frame 0xfffffe0024a688e0
vn_truncate_locked() at vn_truncate_locked+0xb6/frame 0xfffffe0024a689f0
vn_truncate() at vn_truncate+0x1d1/frame 0xfffffe0024a68a70
kern_ftruncate() at kern_ftruncate+0x151/frame 0xfffffe0024a68ac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0024a68bf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024a68bf0
--- syscall (0, FreeBSD ELF64, nosys), rip = 0x45752a, rsp = 0x7fffdffdcf88, rbp = 0x6b5a40 ---
KDB: enter: panic
[ thread pid 771 tid 100104 ]
Stopped at kdb_enter+0x67: movq $0,0x146ea36(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818937dc
rbx 0
rsp 0xfffffe0024a68390
rbp 0xfffffe0024a683b0
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0x6
r11 0x3185fe
r12 0xffffffff82068e50 ddb_dbbe
r13 0
r14 0xffffffff81932d3e
r15 0xffffffff81932d3e
rip 0xffffffff810a8847 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x146ea36(%rip)
db> show proc
Process 771 (syz-executor5759653) at 0xfffff80003c9da50:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 769 at 0xfffff80003c9ba50
ABI: FreeBSD ELF64
arguments: ./syz-executor575965378
reaper: 0xfffff8000330c000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00249399e8
(map 0xfffffe00249399e8)
(map.pmap 0xfffffe0024939aa8)
(pmap 0xfffffe0024939b08)
threads: 3
100076 Run CPU 1 syz-executor5759653
100103 S uwait 0xfffff8000330fb00 syz-executor5759653
100104 Run CPU 0 syz-executor5759653
db> ps
pid ppid pgrp uid state wmesg wchan cmd
771 769 769 0 R (threaded) syz-executor5759653
100076 Run CPU 1 syz-executor5759653
100103 S uwait 0xfffff8000330fb00 syz-executor5759653
100104 Run CPU 0 syz-executor5759653
769 767 769 0 Ss pause 0xfffff80003c9baf8 csh
767 680 767 0 Ss select 0xfffff800030ef340 sshd
746 1 746 0 Ss+ ttyin 0xfffff8000380ecb0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b1e0b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b1e4b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b1e8b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003b1ecb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003b1d0b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003b1d4b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003b1d8b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003b1dcb0 getty
736 1 22 0 S+ piperd 0xfffff8000b28d000 logger
735 734 22 0 S+ nanslp 0xffffffff824ffe80 sleep
734 1 22 0 S+ wait 0xfffff8000b34f000 sh
684 1 684 0 Ss nanslp 0xffffffff824ffe81 cron
680 1 680 0 Ss select 0xfffff80003a50c40 sshd
493 1 493 0 Ss select 0xfffff800030eee40 syslogd
422 1 422 0 Ss select 0xfffff800030ef240 devd
421 1 421 65 Ss select 0xfffff800030ef2c0 dhclient
336 1 336 0 Ss select 0xfffff800030ef1c0 dhclient
333 1 333 0 Ss select 0xfffff80003a50dc0 dhclient
21 0 0 0 DL syncer 0xffffffff825d6318 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003af0000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5818 [bufdaemon]
100070 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100080 D sdflush 0xfffff80003cffce8 [/ worker]
100046 D vtbslp 0xfffff800037f4800 [virtio_balloon]
100050 D - 0xfffff8000381b200 [mca taskq]
100055 D - 0xffffffff81cd60c1 [deadlkres]
100057 D - 0xfffff80003b19900 [acpi_task_0]
100058 D - 0xfffff80003b19900 [acpi_task_1]
100059 D - 0xfffff80003b19900 [acpi_task_2]
100061 D - 0xfffff800031fa200 [CAM taskq]
db> show all locks
Process 771 (syz-executor5759653) thread 0xfffffe0004cf4e00 (100104)
exclusive rw per-fs softdep (per-fs softdep) r = 0 (0xfffff80003cffc00) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:12362
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e45b40) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3878
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8000b539dc0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1318
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 25931 1511K 25995
kobj 332 1328K 488
newblk 505 1150K 555
vfscache 4 1025K 4
pcb 21 537K 75
inodedep 49 536K 72
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 102 205K 830
acpica 1674 185K 52709
vnet_data 1 168K 1
pagedep 14 132K 18
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 101 101K 110
linker 222 89K 241
bus 964 78K 3342
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
DEVFS3 120 30K 130
umtx 234 30K 234
kdtrace 140 27K 1596
DEVFS_RULE 56 27K 56
gtaskqueue 18 26K 18
vmem 3 22K 4
kbdmux 6 22K 6
BPF 10 18K 10
temp 17 17K 1533
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 89 15K 89
bus-sc 30 14K 1431
KTRACE 100 13K 100
ifaddr 30 12K 32
kenv 95 12K 99
eventhandler 122 11K 122
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 3 9K 41
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 232 8K 290
CAM DEV 3 6K 510
vt 11 6K 11
cred 21 6K 234
sglist 5 6K 5
CAM queue 5 6K 1528
routetbl 28 5K 32
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
dirrem 17 5K 28
plimit 17 5K 322
ifnet 3 5K 3
memdesc 1 4K 1
MCA 32 4K 32
CAM CCB 2 4K 1823
evdev 4 4K 4
filedesc 1 4K 1
UMA 235 4K 235
lltable 11 4K 11
diradd 26 4K 37
hhook 13 4K 13
ether_multi 40 4K 45
in6_multi 25 3K 25
acpisem 22 3K 22
terminal 11 3K 11
kqueue 44 3K 774
session 20 3K 31
pgrp 20 3K 31
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
select 14 2K 14
proc-args 39 2K 472
CAM XPT 22 2K 543
lockf 15 2K 22
indirdep 6 2K 9
Unitno 25 2K 37
acpidev 20 2K 20
msi 9 2K 9
softdep 1 1K 1
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
ip6ndp 4 1K 5
sctp_ifa 5 1K 5
crypto 3 1K 3
newdirblk 4 1K 8
mkdir 4 1K 16
in_multi 2 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
mld 2 1K 2
sctp_ifn 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
inpcbpolicy 6 1K 131
loginclass 3 1K 7
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
pmchooks 1 1K 1
prison 4 1K 4
DEVFSP 2 1K 2
soname 4 1K 5740
filecaps 4 1K 66
tun 3 1K 3
nexusdev 5 1K 5
entropy 2 1K 35
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
freework 1 1K 26
savedino 0 0K 12
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefile 0 0K 9
freeblks 0 0K 25
freefrag 0 0K 7
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 3
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 3
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
statfs 0 0K 196
export_host 0 0K 0
cl_savebuf 0 0K 3
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 25
accf 0 0K 0
pts 0 0K 0
iov 0 0K 12991
ioctlops 0 0K 86
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 570
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
kcovinfo 0 0K 0

Mark Johnston

Apr 11, 2020, 3:57:40 PM4/11/20
to syzbot, syzkaller-f...@googlegroups.com
#syz dup: panic: allocdirect_merge: old blkno 9384 != new 9384 || old size 4096 != new NUM