Hello,
syzbot found the following issue on:
HEAD commit: de6be2070bf6 rpki-client: const correct cert extension han..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17438dda580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=6a85d4fe8fa209ea90f7
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ca87659cefb/disk-de6be207.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/fa1b78d7ab66/bsd-de6be207.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fc98f3eb5dce/kernel-de6be207.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6a85d4...@syzkaller.appspotmail.com
panic: ffs2_balloc: unwind failed
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*458774 16525 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833a163b) at panic+0x1cf sys/kern/subr_prf.c:198
ffs2_balloc(fffffd80715e8100,6001000003,1,fffffd8007ffd680,1,ffff80003c8f1370) at ffs2_balloc+0x1965
ffs_truncate(fffffd80715e8100,6001000004,0,fffffd8007ffd680) at ffs_truncate+0x4f8 sys/ufs/ffs/ffs_inode.c:217
ufs_setattr(ffff80003c8f1490) at ufs_setattr+0x8e0 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806ce1ede0,ffff80003c8f1518,fffffd8007ffd680,ffff80003c90ba10) at VOP_SETATTR+0x112 sys/kern/vfs_vops.c:210
dotruncate(ffff80003c90ba10,fffffd806ce1ede0,6001000004) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2892
sys_truncate(ffff80003c90ba10,ffff80003c8f17e0,ffff80003c8f1730) at sys_truncate+0x13e sys/kern/vfs_syscalls.c:2916
syscall(ffff80003c8f17e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c8f17e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd489ea59180, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: ffs2_balloc: unwind failed
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833a163b) at panic+0x1cf sys/kern/subr_prf.c:198
ffs2_balloc(fffffd80715e8100,6001000003,1,fffffd8007ffd680,1,ffff80003c8f1370) at ffs2_balloc+0x1965
ffs_truncate(fffffd80715e8100,6001000004,0,fffffd8007ffd680) at ffs_truncate+0x4f8 sys/ufs/ffs/ffs_inode.c:217
ufs_setattr(ffff80003c8f1490) at ufs_setattr+0x8e0 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806ce1ede0,ffff80003c8f1518,fffffd8007ffd680,ffff80003c90ba10) at VOP_SETATTR+0x112 sys/kern/vfs_vops.c:210
dotruncate(ffff80003c90ba10,fffffd806ce1ede0,6001000004) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2892
sys_truncate(ffff80003c90ba10,ffff80003c8f17e0,ffff80003c8f1730) at sys_truncate+0x13e sys/kern/vfs_syscalls.c:2916
syscall(ffff80003c8f17e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c8f17e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd489ea59180, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c8f0ff0
rbx 0xfffffd80715e8100
rdx 0xffff8000015d47c0
rcx 0
rax 0xffff80003c90ba10
r8 0x101010101010101
r9 0x8080808080808080
r10 0x32e4b111e0a6f05f
r11 0x3fc30e8ccd3e26f
r12 0
r13 0xffff800000c47800
r14 0
r15 0x1
rip 0xffffffff81100e95 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c8f0fe0
ss 0
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=458774 pid=16525 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=17, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c90a550,0xffff80003c90b4f0
process=0xffff8000ffffad18 user=0xffff80003c8ec000, vmspace=0xfffffd8073495188
estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
1781 273978 4012 0 2 0 syz-executor
1781 23604 4012 0 2 0x4000000 syz-executor
1781 67559 4012 0 2 0x4000000 syz-executor
50303 428529 28048 0 2 0 syz-executor
50303 135221 28048 0 3 0x4000080 fsleep syz-executor
16525 459860 21800 0 2 0 syz-executor
*16525 458774 21800 0 7 0x4000000 syz-executor
86717 204697 57265 0 2 0 syz-executor
86717 208132 57265 0 3 0x4000080 fsleep syz-executor
1129 121330 42251 0 2 0 syz-executor
1129 466517 42251 0 3 0x4000080 fsleep syz-executor
29981 19744 33596 0 2 0 syz-executor
29981 462593 33596 0 3 0x4000080 fsleep syz-executor
28048 180499 17198 0 3 0x82 nanoslp syz-executor
92664 254926 17198 0 2 0x2 syz-executor
20134 180453 17198 0 2 0x2 syz-executor
57265 91624 17198 0 3 0x82 nanoslp syz-executor
21800 279946 17198 0 3 0x82 nanoslp syz-executor
4012 217044 17198 0 3 0x82 nanoslp syz-executor
42251 41277 17198 0 3 0x82 nanoslp syz-executor
33596 210942 17198 0 3 0x82 nanoslp syz-executor
17198 148619 85447 0 3 0x82 kqread syz-executor
85447 195816 65618 0 3 0x10008a sigsusp ksh
65618 242598 19764 0 3 0x98 kqread sshd-session
19764 137862 9143 0 3 0x92 kqread sshd-session
90811 391099 1 0 3 0x100083 ttyin getty
9143 425400 1 0 3 0x88 kqread sshd
13640 293095 72519 73 3 0x1100090 kqread syslogd
72519 57484 1 0 3 0x100082 sbwait syslogd
27900 491079 1 0 3 0x100080 kqread resolvd
17288 40043 88412 77 3 0x100092 kqread dhcpleased
2162 348424 88412 77 3 0x100092 kqread dhcpleased
88412 190116 1 0 3 0x80 kqread dhcpleased
12650 496177 0 0 3 0x14200 bored smr
47797 408299 0 0 2 0x14200 zerothread
51800 356486 0 0 3 0x14200 aiodoned aiodoned
28826 424547 0 0 3 0x14200 syncer update
40943 59051 0 0 3 0x14200 cleaner cleaner
13195 470319 0 0 3 0x14200 reaper reaper
20910 460550 0 0 3 0x14200 pgdaemon pagedaemon
48934 17141 0 0 3 0x14200 bored viomb
86484 315127 0 0 3 0x40014200 acpi0 acpi0
49226 195229 0 0 3 0x14200 bored softnet0
19867 355371 0 0 3 0x14200 smrbar systqmp
8479 177628 0 0 3 0x14200 bored systq
91606 304492 0 0 3 0x40014200 tmoslp softclock
49891 294904 0 0 3 0x40014200 idle0
1 137362 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11029 12102K 12119K 166960K 12114 0
pcb 18 12K 12K 166960K 18 0
rtable 237 6K 6K 166960K 353 0
pf 30 12K 12K 166960K 30 0
ifaddr 42 7K 7K 166960K 44 0
ifgroup 50 2K 2K 166960K 50 0
sysctl 1 1K 9K 166960K 5 0
counters 33 17K 17K 166960K 33 0
ioctlops 0 0K 2K 166960K 32 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1288 81K 81K 166960K 1354 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 2 0K 0K 166960K 2 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 57K 93K 166960K 140 0
proc 57 58K 91K 166960K 495 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 2 0
in_multi 99 7K 7K 166960K 99 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 37 175K 175K 166960K 37 0
exec 0 0K 1K 166960K 361 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 194 134K 142K 166960K 3022 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 37 74K 94K 166960K 1221 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 27 2K 2K 166960K 27 0
temp 34 9062K 9126K 166960K 4225 0
kqueue 13 20K 20K 166960K 22 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 38 0 33 1 0 1 1 0 8 0
rtentry 136 111 0 1 4 0 4 4 0 8 0
unpcb 144 31 0 16 1 0 1 1 0 8 0
syncache 336 3 0 3 1 0 1 1 0 8 1
tcpcb 736 9 0 4 1 0 1 1 0 8 0
arp 96 18 0 0 1 0 1 1 0 8 0
inpcb 328 61 0 52 1 0 1 1 0 8 0
ip6q 72 1 0 0 1 0 1 1 0 8 0
ip6af 40 1 0 0 1 0 1 1 0 8 0
nd6 112 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 453 0 0 29 0 29 29 0 8 0
art_table 40 454 0 0 5 0 5 5 0 8 0
art_node 32 111 0 9 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1561 0 98 92 0 92 92 0 8 0
ffsino 256 1561 0 98 92 0 92 92 0 8 0
nchpl 144 1757 0 59 63 0 63 63 0 8 0
vnodes 216 1643 0 0 92 0 92 92 0 8 0
namei 1024 5096 0 5096 2 0 2 2 0 8 2
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 5826 0 5826 3 0 3 3 1 8 3
plimitpl 152 29 0 11 1 0 1 1 0 8 0
sigapl 424 430 0 389 6 0 6 6 0 8 1
knotepl 120 2425 0 2378 2 0 2 2 0 8 0
kqueuepl 184 18 0 9 1 0 1 1 0 8 0
pipepl 304 119 0 91 3 0 3 3 0 8 0
fdescpl 448 417 0 389 5 0 5 5 0 8 0
filepl 120 1403 0 1189 7 0 7 7 0 8 0
lockfpl 104 7 0 4 1 0 1 1 0 8 0
lockfspl 48 5 0 2 1 0 1 1 0 8 0
sessionpl 144 21 0 13 1 0 1 1 0 8 0
pgrppl 48 29 0 13 1 0 1 1 0 8 0
ucredpl 104 69 0 58 1 0 1 1 0 8 0
zombiepl 144 389 0 389 1 0 1 1 0 8 1
processpl 1152 430 0 389 4 0 4 4 0 8 0
procpl 664 446 0 398 5 0 5 5 0 8 0
sockpl 552 130 0 101 3 0 3 3 0 8 0
mcl64k 65536 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 4 1 0 1 1 0 8 1
mcl4k 4096 2463 0 2407 14 0 14 14 0 8 6
mcl2k 2048 107 0 106 1 0 1 1 0 8 0
mtagpl 96 4 0 4 1 0 1 1 0 8 1
mbufpl 256 4026 0 3890 10 0 10 10 0 8 1
bufpl 280 2246 0 103 154 0 154 154 0 8 0
anonpl 24 93191 0 90282 22 0 22 22 0 187 3
amapchunkpl 152 8208 0 7805 18 0 18 18 0 158 0
amappl16 200 1636 0 1620 5 0 5 5 0 8 4
amappl15 192 5 0 5 1 0 1 1 0 8 1
amappl14 184 412 0 411 1 0 1 1 0 8 0
amappl13 176 110 0 100 1 0 1 1 0 8 0
amappl12 168 657 0 629 2 0 2 2 0 8 0
amappl11 160 5 0 5 1 0 1 1 0 8 1
amappl10 152 61 0 51 1 0 1 1 0 8 0
amappl9 144 271 0 271 1 0 1 1 0 8 1
amappl8 136 100 0 99 1 0 1 1 0 8 0
amappl7 128 140 0 129 1 0 1 1 0 8 0
amappl6 120 148 0 146 1 0 1 1 0 8 0
amappl5 112 96 0 89 1 0 1 1 0 8 0
amappl4 104 245 0 231 1 0 1 1 0 8 0
amappl3 96 1394 0 1300 3 0 3 3 0 8 0
amappl2 88 493 0 443 2 0 2 2 0 8 0
amappl1 80 8912 0 8360 13 0 13 13 0 8 0
amappl 88 2349 0 2215 4 0 4 4 0 92 0
uvmvnodes 80 96 0 0 2 0 2 2 0 8 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 417 0 389 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 417 0 389 1 0 1 1 0 8 0
vmmpekpl 168 5011 0 4979 2 0 2 2 0 8 0
vmmpepl 168 34692 0 33008 79 0 79 79 0 357 2
vmsppl 368 416 0 389 4 0 4 4 0 8 1
rwobjpl 40 12978 0 12082 11 0 11 11 0 8 0
pdppl 4096 840 0 778 94 14 80 80 0 8 18
pvpl 32 208767 0 200812 69 0 69 69 0 265 1
pmappl 216 416 0 389 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 354 0 14 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833a163b) at panic+0x1cf sys/kern/subr_prf.c:198
ffs2_balloc(fffffd80715e8100,6001000003,1,fffffd8007ffd680,1,ffff80003c8f1370) at ffs2_balloc+0x1965
ffs_truncate(fffffd80715e8100,6001000004,0,fffffd8007ffd680) at ffs_truncate+0x4f8 sys/ufs/ffs/ffs_inode.c:217
ufs_setattr(ffff80003c8f1490) at ufs_setattr+0x8e0 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806ce1ede0,ffff80003c8f1518,fffffd8007ffd680,ffff80003c90ba10) at VOP_SETATTR+0x112 sys/kern/vfs_vops.c:210
dotruncate(ffff80003c90ba10,fffffd806ce1ede0,6001000004) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2892
sys_truncate(ffff80003c90ba10,ffff80003c8f17e0,ffff80003c8f1730) at sys_truncate+0x13e sys/kern/vfs_syscalls.c:2916
syscall(ffff80003c8f17e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c8f17e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd489ea59180, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833a163b) at panic+0x1cf sys/kern/subr_prf.c:198
ffs2_balloc(fffffd80715e8100,6001000003,1,fffffd8007ffd680,1,ffff80003c8f1370) at ffs2_balloc+0x1965
ffs_truncate(fffffd80715e8100,6001000004,0,fffffd8007ffd680) at ffs_truncate+0x4f8 sys/ufs/ffs/ffs_inode.c:217
ufs_setattr(ffff80003c8f1490) at ufs_setattr+0x8e0 sys/ufs/ufs/ufs_vnops.c:403
VOP_SETATTR(fffffd806ce1ede0,ffff80003c8f1518,fffffd8007ffd680,ffff80003c90ba10) at VOP_SETATTR+0x112 sys/kern/vfs_vops.c:210
dotruncate(ffff80003c90ba10,fffffd806ce1ede0,6001000004) at dotruncate+0x1da sys/kern/vfs_syscalls.c:2892
sys_truncate(ffff80003c90ba10,ffff80003c8f17e0,ffff80003c8f1730) at sys_truncate+0x13e sys/kern/vfs_syscalls.c:2916
syscall(ffff80003c8f17e0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c8f17e0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd489ea59180, count: -10
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup