panic: allocdirect_merge: old blkno ADDR != new ADDR || old size 8192 != new NUM


syzbot

Apr 4, 2020, 5:41:14 AM4/4/20
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 50e8f4b1 Fix typo
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14ceccafe00000
dashboard link: https://syzkaller.appspot.com/bug?extid=2f982d5989a6ff3f35e9

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f982d...@syzkaller.appspotmail.com

panic: allocdirect_merge: old blkno 408560 != new 408560 || old size 8192 != new 32768
cpuid = 1
time = 1585993195
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024ac73b0
vpanic() at vpanic+0x1c7/frame 0xfffffe0024ac7410
panic() at panic+0x43/frame 0xfffffe0024ac7470
allocdirect_merge() at allocdirect_merge+0x2c4/frame 0xfffffe0024ac74d0
merge_inode_lists() at merge_inode_lists+0x177/frame 0xfffffe0024ac7520
softdep_update_inodeblock() at softdep_update_inodeblock+0x374/frame 0xfffffe0024ac7580
ffs_update() at ffs_update+0x309/frame 0xfffffe0024ac7620
ffs_truncate() at ffs_truncate+0x7b1/frame 0xfffffe0024ac7810
ufs_setattr() at ufs_setattr+0x91e/frame 0xfffffe0024ac78b0
VOP_SETATTR_APV() at VOP_SETATTR_APV+0x75/frame 0xfffffe0024ac78e0
vn_truncate_locked() at vn_truncate_locked+0xb6/frame 0xfffffe0024ac79f0
vn_truncate() at vn_truncate+0x1d1/frame 0xfffffe0024ac7a70
kern_ftruncate() at kern_ftruncate+0x151/frame 0xfffffe0024ac7ac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0024ac7bf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024ac7bf0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41332a, rsp = 0x7fffdffdcf38, rbp = 0x2 ---
KDB: enter: panic
[ thread pid 7282 tid 100887 ]
Stopped at kdb_enter+0x67: movq $0,0x146ea36(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0xfffffe002b600000
rdx 0x3ffff
rbx 0
rsp 0xfffffe0024ac7390
rbp 0xfffffe0024ac73b0
rsi 0x40001
rdi 0xffffffff810b3586 vprintf+0x176
r8 0
r9 0xffffffff
r10 0x6
r11 0x125be
r12 0xffffffff82068e50 ddb_dbbe
r13 0
r14 0xffffffff81932d3e
r15 0xffffffff81932d3e
rip 0xffffffff810a8847 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x146ea36(%rip)
db> show proc
Process 7282 (syz-executor.3) at 0xfffff80003d2c528:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 773 at 0xfffff80003c85a50
ABI: FreeBSD ELF64
arguments: /root/syz-executor.3
reaper: 0xfffff8000330c000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe002493d000
(map 0xfffffe002493d000)
(map.pmap 0xfffffe002493d0c0)
(pmap 0xfffffe002493d120)
threads: 4
100084 RunQ syz-executor.3
100875 S select 0xfffff8000bad3cc0 syz-executor.3
100887 Run CPU 1 syz-executor.3
100893 D range 0xfffff80003c5d0a0 syz-executor.3
db> ps
pid ppid pgrp uid state wmesg wchan cmd
7282 773 773 0 R (threaded) syz-executor.3
100084 RunQ syz-executor.3
100875 S select 0xfffff8000bad3cc0 syz-executor.3
100887 Run CPU 1 syz-executor.3
100893 D range 0xfffff80003c5d0a0 syz-executor.3
7281 7078 7078 0 S (threaded) syz-executor.0
100325 S nanslp 0xffffffff824ffe80 syz-executor.0
100871 S sbwait 0xfffffe0003dd98e4 syz-executor.0
100886 S uwait 0xfffff80003a39c80 syz-executor.0
100888 S uwait 0xfffff8000bbc5180 syz-executor.0
7280 7076 7076 0 R (threaded) syz-executor.2
100252 Run CPU 0 syz-executor.2
100859 S select 0xfffff80003a4f4c0 syz-executor.2
100885 S uwait 0xfffff80003a3b780 syz-executor.2
100889 S uwait 0xfffff8000bbe3080 syz-executor.2
7279 769 769 0 S (threaded) syz-executor.1
100128 S nanslp 0xffffffff824ffe80 syz-executor.1
100873 S select 0xfffff8000bb1b0c0 syz-executor.1
100882 S uwait 0xfffff8000bbc5080 syz-executor.1
100883 S uwait 0xfffff8000330fe00 syz-executor.1
7098 7066 7098 0 Ss select 0xfffff8000bb1b540 dhclient
7078 766 7078 0 Rs syz-executor.0
7076 766 7076 0 Ss nanslp 0xffffffff824ffe80 syz-executor.2
7072 1 7072 0 Ss select 0xfffff8000bad3440 dhclient
7066 7049 422 65 S select 0xfffff80003a50940 dhclient
7049 422 422 0 S wait 0xfffff80003ce3528 sh
2473 1 2473 65 Ss select 0xfffff8000bad3740 dhclient
2018 1 2018 0 Ss select 0xfffff8000bad3d40 dhclient
2014 1 2014 0 Ss select 0xfffff80003a50cc0 dhclient
1151 1 1151 65 Ss select 0xfffff8000bad3c40 dhclient
820 1 820 0 Ss select 0xfffff80003a4f7c0 dhclient
814 1 814 0 Ss select 0xfffff8000bb1b4c0 dhclient
773 766 773 0 Rs syz-executor.3
769 766 769 0 Rs syz-executor.1
766 764 764 0 S (threaded) syz-fuzzer
100095 S uwait 0xfffff800037fc480 syz-fuzzer
100103 S uwait 0xfffff80003a3cf00 syz-fuzzer
100104 S uwait 0xfffff80003a3b080 syz-fuzzer
100105 S kqread 0xfffff80003a3e400 syz-fuzzer
100106 S uwait 0xfffff80003a3c800 syz-fuzzer
100107 S uwait 0xfffff80003a3c900 syz-fuzzer
100108 S uwait 0xfffff800037fc800 syz-fuzzer
100109 S uwait 0xfffff8000330f600 syz-fuzzer
100110 S uwait 0xfffff8000330f700 syz-fuzzer
100111 S uwait 0xfffff8000330fc00 syz-fuzzer
764 762 764 0 Ss pause 0xfffff8000b338af8 csh
762 680 762 0 Ss select 0xfffff800030eea40 sshd
746 1 746 0 Ss+ ttyin 0xfffff8000380dcb0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b1d0b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b1d4b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b1d8b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003b1dcb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003b200b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003b204b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003b208b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003b20cb0 getty
684 1 684 0 Ss nanslp 0xffffffff824ffe80 cron
680 1 680 0 Ss select 0xfffff80003a52040 sshd
493 1 493 0 Ss select 0xfffff800030eed40 syslogd
422 1 422 0 Ss wait 0xfffff80003ce3000 devd
421 1 421 65 Ss select 0xfffff800030eeb40 dhclient
336 1 336 0 Ss select 0xfffff80003a52140 dhclient
333 1 333 0 Ss select 0xfffff80003a52240 dhclient
21 0 0 0 DL syncer 0xffffffff825d6318 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003aef000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5818 [bufdaemon]
100070 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100081 D sdflush 0xfffff80003ce8ce8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f1188 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261d058 [dom0]
100068 D launds 0xffffffff8261d064 [laundry: dom0]
100069 D umarcl 0xffffffff81536ab0 [uma]
16 0 0 0 DL - 0xffffffff8235a6b0 [rand_harvestq]
15 0 0 0 DL waiting 0xffffffff82662620 [sctp_iterator]
9 0 0 0 DL - 0xffffffff825d521c [soaiod4]
8 0 0 0 DL - 0xffffffff825d521c [soaiod3]
7 0 0 0 DL - 0xffffffff825d521c [soaiod2]
6 0 0 0 DL - 0xffffffff825d521c [soaiod1]
5 0 0 0 DL (threaded) [cam]
100031 D - 0xffffffff82235ac0 [doneq0]
100062 D - 0xffffffff82235988 [scanner]
4 0 0 0 DL crypto_ 0xfffff8000320be90 [crypto returns 1]
3 0 0 0 DL crypto_ 0xfffff8000320be30 [crypto returns 0]
2 0 0 0 DL crypto_ 0xffffffff825eb250 [crypto]
14 0 0 0 DL seqstat 0xfffff80003364488 [sequencer 00]
13 0 0 0 DL (threaded) [geom]
100022 D - 0xffffffff8261b688 [g_event]
100023 D - 0xffffffff8261b698 [g_up]
100024 D - 0xffffffff8261b690 [g_down]
12 0 0 0 WL (threaded) [intr]
100010 I [swi6: Giant taskq]
100012 I [swi5: fast taskq]
100016 I [swi6: task queue]
100017 I [swi3: vm]
100018 I [swi4: clock (0)]
100019 I [swi4: clock (1)]
100020 I [swi1: netisr 0]
100032 I [irq24: virtio_pci0]
100033 I [irq25: virtio_pci0]
100034 I [irq26: virtio_pci0]
100035 I [irq27: virtio_pci0]
100036 I [irq28: virtio_pci1]
100037 I [irq29: virtio_pci1]
100038 I [irq30: virtio_pci1]
100039 I [irq31: virtio_pci1]
100040 I [irq32: virtio_pci1]
100045 I [irq10: virtio_pci2]
100047 I [irq1: atkbd0]
100048 I [irq12: psm0]
100049 I [swi0: uart uart++]
11 0 0 0 RL (threaded) [idle]
100003 CanRun [idle: cpu0]
100004 CanRun [idle: cpu1]
1 0 1 0 SLs wait 0xfffff8000330c000 [init]
10 0 0 0 DL audit_w 0xffffffff826631a8 [audit]
0 0 0 0 DLs (threaded) [kernel]
100000 D swapin 0xffffffff8260ad08 [swapper]
100005 D - 0xfffff80003215b00 [if_config_tqg_0]
100006 D - 0xfffff80003215900 [softirq_0]
100007 D - 0xfffff80003215700 [softirq_1]
100008 D - 0xfffff80003215500 [if_io_tqg_0]
100009 D - 0xfffff80003215300 [if_io_tqg_1]
100011 D - 0xfffff800031fad00 [thread taskq]
100013 D - 0xfffff800031fab00 [in6m_free taskq]
100014 D - 0xfffff800031faa00 [aiod_kick taskq]
100015 D - 0xfffff800031fa900 [kqueue_ctx taskq]
100021 D - 0xfffff800031fa700 [firmware taskq]
100026 D - 0xfffff800031fa500 [crypto_0]
100027 D - 0xfffff800031fa500 [crypto_1]
100041 D - 0xfffff800031f7a00 [vtnet0 rxq 0]
100042 D - 0xfffff800031f7900 [vtnet0 txq 0]
100043 D - 0xfffff800031f7800 [vtnet0 rxq 1]
100044 D - 0xfffff800031f7700 [vtnet0 txq 1]
100046 D vtbslp 0xfffff800037f3800 [virtio_balloon]
100050 D - 0xfffff8000381e200 [mca taskq]
100055 D - 0xffffffff81cd60c0 [deadlkres]
100057 D - 0xfffff80003b1c900 [acpi_task_0]
100058 D - 0xfffff80003b1c900 [acpi_task_1]
100059 D - 0xfffff80003b1c900 [acpi_task_2]
100061 D - 0xfffff800031fa200 [CAM taskq]
db> show all locks
Process 7282 (syz-executor.3) thread 0xfffffe002497b700 (100887)
exclusive rw per-fs softdep (per-fs softdep) r = 0 (0xfffff80003ce8c00) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:12362
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e46500) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3878
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8000bb7d9f0) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1318
Process 7281 (syz-executor.0) thread 0xfffffe0024d98000 (100871)
exclusive sx so_rcv_sx (so_rcv_sx) r = 0 (0xfffffe0003dd9888) locked @ /syzkaller/managers/main/kernel/sys/kern/uipc_sockbuf.c:419
db> show malloc
Type InUse MemUse Requests
sctp_stro 12 20487K 408
devbuf 4213 4851K 4241
vtbuf 24 1968K 46
sysctloid 25931 1511K 25995
kobj 332 1328K 488
newblk 28 1031K 22072
vfscache 4 1025K 4
pcb 49 564K 4680
inodedep 41 532K 8826
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 141 277K 7365
acpica 1674 185K 52709
vnet_data 1 168K 1
filedesc 22 153K 12727
pagedep 23 134K 6789
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 105 105K 122
linker 222 89K 265
bus 974 79K 3390
mtx_pool 2 72K 2
BPF 38 71K 54
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
umtx 360 45K 360
kdtrace 189 37K 35144
hostcache 1 32K 1
shm 1 32K 5
DEVFS3 124 31K 134
msg 4 30K 4
DEVFS_RULE 56 27K 56
vmem 3 26K 5
gtaskqueue 18 26K 18
ifaddr 73 25K 89
kbdmux 6 22K 6
temp 35 18K 3479
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
lltable 43 16K 120
ithread 89 15K 89
ether_multi 172 14K 299
bus-sc 30 14K 1431
KTRACE 100 13K 100
ifnet 7 13K 7
sctp_atcl 24 12K 1998
kenv 95 12K 99
in6_multi 89 11K 148
eventhandler 122 11K 122
pfs_nodes 20 10K 20
select 78 10K 78
GEOM 60 10K 487
rman 82 10K 423
lockf 84 10K 7596
bmsafemap 3 9K 8645
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
sctp_timw 32 8K 32
shmfd 1 8K 1
pfs_vncache 1 8K 1
routetbl 55 8K 82
audit_evclass 232 8K 290
CAM DEV 3 6K 510
cred 24 6K 387
kqueue 61 6K 7287
plimit 23 6K 882
vt 11 6K 11
sglist 5 6K 5
CAM queue 5 6K 1528
DEVFSP 76 5K 156
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
memdesc 1 4K 1
MCA 32 4K 32
CAM CCB 2 4K 78627
evdev 4 4K 4
kcovinfo 64 4K 136
session 31 4K 55
pgrp 31 4K 100
UMA 235 4K 235
hhook 13 4K 13
diradd 22 3K 7810
acpisem 22 3K 22
terminal 11 3K 11
proc-args 50 3K 729
mkdir 18 3K 12786
uidinfo 3 3K 46
sctp_ifa 17 3K 29
local_apic 1 2K 1
io_apic 1 2K 1
newdirblk 16 2K 6393
ipsec-saq 2 2K 2
ip6ndp 12 2K 29
dirrem 7 2K 7753
Unitno 31 2K 39013
CAM XPT 22 2K 543
sctp_atky 36 2K 2422
in_multi 6 2K 17
acpidev 20 2K 20
msi 9 2K 9
tun 7 2K 7
freework 5 2K 11956
softdep 1 1K 1
freeblks 4 1K 7249
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 1266
NFSD session 1 1K 1
CAM periph 4 1K 271
freefile 6 1K 7717
indirdep 3 1K 5743
mld 6 1K 6
sctp_ifn 6 1K 10
igmp 6 1K 6
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
inpcbpolicy 20 1K 22289
crypto 3 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
sctp_athm 24 1K 2003
sctp_map 24 1K 816
osd 3 1K 9
vnodes 1 1K 229
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
loginclass 3 1K 6
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
pmchooks 1 1K 1
prison 4 1K 4
soname 4 1K 7282
nexusdev 5 1K 5
entropy 2 1K 50
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
filecaps 4 1K 109
cpus 2 1K 2
vnet_data_free 1 1K 1
Per-cpu 1 1K 1
p1003.1b 1 1K 1
ath_hal 0 0K 0
athdev 0 0K 0
madt_table 0 0K 2
ata_pci 0 0K 0
ata_dma 0 0K 0
ata_generic 0 0K 0
amr 0 0K 0
scsi_da 0 0K 69
ata_da 0 0K 0
scsi_ch 0 0K 0
pvscsi 0 0K 0
smartpqi 0 0K 0
scsi_cd 0 0K 0
USBdev 0 0K 0
USB 0 0K 0
AHCI driver 0 0K 0
agp 0 0K 0
nvme_da 0 0K 0
iavf 0 0K 0
ixl 0 0K 0
acpipwr 0 0K 0
twsbuf 0 0K 0
twe_commands 0 0K 0
twa_commands 0 0K 0
tcp_log_dev 0 0K 0
midi buffers 0 0K 0
mixer 0 0K 0
fpukern_ctx 0 0K 0
xen_intr 0 0K 0
ac97 0 0K 0
hdacc 0 0K 0
xen_hvm 0 0K 0
legacydrv 0 0K 0
qpidrv 0 0K 0
hdac 0 0K 0
hdaa 0 0K 0
dmar_idpgtbl 0 0K 0
dmar_dom 0 0K 0
dmar_ctx 0 0K 0
dmar_dmamap 0 0K 0
acpi_perf 0 0K 0
acpicmbat 0 0K 0
SIIS driver 0 0K 0
isci 0 0K 0
bxe_ilt 0 0K 0
xenbus 0 0K 0
vm_fictitious 0 0K 0
PUC 0 0K 0
ppbusdev 0 0K 0
agtiapi_MemAlloc malloc 0 0K 0
osti_cacheable 0 0K 0
tempbuff 0 0K 0
tempbuff 0 0K 0
ag_tgt_map_t malloc 0 0K 0
UMAHash 0 0K 0
ag_slr_map_t malloc 0 0K 0
lDevFlags * malloc 0 0K 0
vm_pgdata 0 0K 0
jblocks 0 0K 0
savedino 0 0K 5285
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 633
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freefrag 0 0K 108
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 95
ip6_msource 0 0K 4
ip6_moptions 0 0K 9
in6_mfilter 0 0K 29
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 395
sctp_iter 0 0K 22
sctp_mvrf 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_a_it 0 0K 22
sctp_aadr 0 0K 0
sctp_stri 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 3
ip_moptions 0 0K 44
in_mfilter 0 0K 20
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 8
tiDeviceHandle_t * malloc 0 0K 0
statfs 0 0K 6548
export_host 0 0K 0
cl_savebuf 0 0K 49
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 350
accf 0 0K 0
pts 0 0K 0
iov 0 0K 26718
ioctlops 0 0K 313
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 776
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 24
filedesc_to_leader 0 0K 0
pwd 0 0K 0
tty console 0 0K 0
aaccam 0 0K 0
aacbuf 0 0K 0
zstd 0 0K 0
nvlist 0 0K 0
SCSI ENC 0 0K 0
SCSI sa 0 0K 0
isofs_node 0 0K 0
isofs_mount 0 0K 0
tr_raid5_data 0 0K 0
tr_raid1e_data 0 0K 0
tr_raid1_data 0 0K 0
tr_raid0_data 0 0K 0
tr_concat_data 0 0K 0
md_sii_data 0 0K 0
md_promise_data 0 0K 0
md_nvidia_data 0 0K 0
md_jmicron_data 0 0K 0
md_intel_data 0 0K 0
md_ddf_data 0 0K 0
raid_data 0 0K 72
geom_flashmap 0 0K 0
newnfsmnt 0 0K 0
newnfsclient_req 0 0K 0
NFSCL layrecall 0 0K 0
NFSCL session 0 0K 0
NFSCL sockreq 0 0K 0
NFSCL devinfo 0 0K 0
NFSCL flayout 0 0K 0
NFSCL layout 0 0K 0
NFSD rollback 0 0K 0
NFSCL diroffdiroff 0 0K 0
NEWdirectio 0 0K 0
NEWNFSnode 0 0K 0
NFSCL lck 0 0K 0
NFSCL lckown 0 0K 0
NFSCL client 0 0K 0
NFSCL deleg 0 0K 0
NFSCL open 0 0K 0
NFSCL owner 0 0K 0
NFS fh 0 0K 0
NFS req 0 0K 0
NFSD usrgroup 0 0K 0
NFSD string 0 0K 0
NFSD V4lock 0 0K 0
NFSD V4state 0 0K 0
NFSD srvcache 0 0K 0
msdosfs_fat 0 0K 0
msdosfs_mount 0 0K 0
msdosfs_node 0 0K 0
DEVFS4 0 0K 0
DEVFS2 0 0K 0
gntdev 0 0K 0
privcmd_dev 0 0K 0
evtchn_dev 0 0K 0
xenstore 0 0K 0
scsi_pass 0 0K 0
ciss_data 0 0K 0
xnb 0 0K 0
xbbd 0 0K 0
xbd 0 0K 0
Balloon 0 0K 0
sysmouse 0 0K 0
vtfont 0 0K 0
db> show ktr
No such command; use "help" to list available commands


---
This bug report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 4, 2020, 7:34:13 AM4/4/20
to syzkaller-f...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 50e8f4b1 Fix typo
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14eeb1fbe00000
dashboard link: https://syzkaller.appspot.com/bug?extid=2f982d5989a6ff3f35e9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1443a6cde00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16ee07b7e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2f982d...@syzkaller.appspotmail.com

panic: allocdirect_merge: old blkno 406184 != new 406184 || old size 8192 != new 32768
cpuid = 0
time = 1585999868
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0022e7c3b0
vpanic() at vpanic+0x1c7/frame 0xfffffe0022e7c410
panic() at panic+0x43/frame 0xfffffe0022e7c470
allocdirect_merge() at allocdirect_merge+0x2c4/frame 0xfffffe0022e7c4d0
merge_inode_lists() at merge_inode_lists+0x177/frame 0xfffffe0022e7c520
softdep_update_inodeblock() at softdep_update_inodeblock+0x374/frame 0xfffffe0022e7c580
ffs_update() at ffs_update+0x309/frame 0xfffffe0022e7c620
ffs_truncate() at ffs_truncate+0x7b1/frame 0xfffffe0022e7c810
ufs_setattr() at ufs_setattr+0x91e/frame 0xfffffe0022e7c8b0
VOP_SETATTR_APV() at VOP_SETATTR_APV+0x75/frame 0xfffffe0022e7c8e0
vn_truncate_locked() at vn_truncate_locked+0xb6/frame 0xfffffe0022e7c9f0
vn_truncate() at vn_truncate+0x1d1/frame 0xfffffe0022e7ca70
kern_ftruncate() at kern_ftruncate+0x151/frame 0xfffffe0022e7cac0
amd64_syscall() at amd64_syscall+0x262/frame 0xfffffe0022e7cbf0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0022e7cbf0
--- syscall (0, FreeBSD ELF64, nosys), rip = 0x4574fa, rsp = 0x7fffdffdcf88, rbp = 0x6b5a00 ---
KDB: enter: panic
[ thread pid 771 tid 100102 ]
Stopped at kdb_enter+0x67: movq $0,0x146ea36(%rip)
db>
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b ll+0x1a
es 0x3b ll+0x1a
fs 0x13
gs 0x1b
ss 0x28 ll+0x7
rax 0x12
rcx 0x80 ll+0x5f
rdx 0xffffffff818937dc
rbx 0
rsp 0xfffffe0022e7c390
rbp 0xfffffe0022e7c3b0
rsi 0x1
rdi 0
r8 0
r9 0xffffffff
r10 0x6
r11 0x3185fe
r12 0xffffffff82068e50 ddb_dbbe
r13 0
r14 0xffffffff81932d3e
r15 0xffffffff81932d3e
rip 0xffffffff810a8847 kdb_enter+0x67
rflags 0x86 ll+0x65
kdb_enter+0x67: movq $0,0x146ea36(%rip)
db> show proc
Process 771 (syz-executor7474511) at 0xfffff80003c72a50:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 769 at 0xfffff80003c72528
ABI: FreeBSD ELF64
arguments: ./syz-executor747451152
reaper: 0xfffff8000330c000 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00231069e8
(map 0xfffffe00231069e8)
(map.pmap 0xfffffe0023106aa8)
(pmap 0xfffffe0023106b08)
threads: 3
100078 Run CPU 1 syz-executor7474511
100101 S uwait 0xfffff800037fca80 syz-executor7474511
100102 Run CPU 0 syz-executor7474511
db> ps
pid ppid pgrp uid state wmesg wchan cmd
771 769 769 0 R (threaded) syz-executor7474511
100078 Run CPU 1 syz-executor7474511
100101 S uwait 0xfffff800037fca80 syz-executor7474511
100102 Run CPU 0 syz-executor7474511
769 767 769 0 Ss pause 0xfffff80003c725d0 csh
767 680 767 0 Ss select 0xfffff80003a4f9c0 sshd
746 1 746 0 Ss+ ttyin 0xfffff8000380dcb0 getty
745 1 745 0 Ss+ ttyin 0xfffff80003b1d0b0 getty
744 1 744 0 Ss+ ttyin 0xfffff80003b1d4b0 getty
743 1 743 0 Ss+ ttyin 0xfffff80003b1d8b0 getty
742 1 742 0 Ss+ ttyin 0xfffff80003b1dcb0 getty
741 1 741 0 Ss+ ttyin 0xfffff80003b200b0 getty
740 1 740 0 Ss+ ttyin 0xfffff80003b204b0 getty
739 1 739 0 Ss+ ttyin 0xfffff80003b208b0 getty
738 1 738 0 Ss+ ttyin 0xfffff80003b20cb0 getty
736 1 22 0 S+ piperd 0xfffff80003c76000 logger
735 734 22 0 S+ nanslp 0xffffffff824ffe80 sleep
734 1 22 0 S+ wait 0xfffff80003c68a50 sh
684 1 684 0 Ss nanslp 0xffffffff824ffe80 cron
680 1 680 0 Ss select 0xfffff800030ef5c0 sshd
493 1 493 0 Ss select 0xfffff80003a4f7c0 syslogd
422 1 422 0 Ss select 0xfffff80003a4fac0 devd
421 1 421 65 Ss select 0xfffff80003a4f6c0 dhclient
336 1 336 0 Ss select 0xfffff800030ef540 dhclient
333 1 333 0 Ss select 0xfffff80003a4fa40 dhclient
21 0 0 0 DL syncer 0xffffffff825d6318 [syncer]
20 0 0 0 DL vlruwt 0xfffff80003aef000 [vnlru]
19 0 0 0 DL (threaded) [bufdaemon]
100065 D qsleep 0xffffffff825d5818 [bufdaemon]
100070 D - 0xffffffff8200aa00 [bufspacedaemon-0]
100082 D sdflush 0xfffff80003cfece8 [/ worker]
18 0 0 0 DL psleep 0xffffffff825f1188 [vmdaemon]
17 0 0 0 DL (threaded) [pagedaemon]
100063 D psleep 0xffffffff8261d058 [dom0]
100066 D launds 0xffffffff8261d064 [laundry: dom0]
100067 D umarcl 0xffffffff81536ab0 [uma]
100054 D - 0xffffffff81cd60c0 [deadlkres]
100057 D - 0xfffff80003b1c900 [acpi_task_0]
100058 D - 0xfffff80003b1c900 [acpi_task_1]
100059 D - 0xfffff80003b1c900 [acpi_task_2]
100061 D - 0xfffff800031fa200 [CAM taskq]
db> show all locks
Process 771 (syz-executor7474511) thread 0xfffffe0004cf4e00 (100102)
exclusive rw per-fs softdep (per-fs softdep) r = 0 (0xfffff80003cfec00) locked @ /syzkaller/managers/main/kernel/sys/ufs/ffs/ffs_softdep.c:12362
exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0003e46500) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_bio.c:3878
exclusive lockmgr ufs (ufs) r = 0 (0xfffff8000b531bd8) locked @ /syzkaller/managers/main/kernel/sys/kern/vfs_vnops.c:1318
db> show malloc
Type InUse MemUse Requests
devbuf 4213 4851K 4238
vtbuf 24 1968K 46
sysctloid 25931 1511K 25995
kobj 332 1328K 488
newblk 482 1145K 555
vfscache 4 1025K 4
pcb 21 537K 75
inodedep 25 524K 72
ufs_quota 1 512K 1
vfs_hash 1 512K 1
callout 2 512K 2
intr 4 388K 4
subproc 102 205K 830
acpica 1674 185K 52709
vnet_data 1 168K 1
pagedep 8 130K 18
tfo_ccache 1 128K 1
sem 4 106K 4
DEVFS1 101 101K 110
linker 222 89K 241
bus 964 78K 3342
mtx_pool 2 72K 2
syncache 1 68K 1
acpitask 1 64K 1
ddb_capture 1 64K 1
module 494 62K 494
hostcache 1 32K 1
shm 1 32K 1
msg 4 30K 4
DEVFS3 120 30K 130
umtx 216 27K 216
kdtrace 140 27K 1596
DEVFS_RULE 56 27K 56
gtaskqueue 18 26K 18
kbdmux 6 22K 6
BPF 10 18K 10
temp 17 17K 1531
ufs_mount 3 17K 4
proc 3 17K 3
tty 16 16K 16
tidhash 1 16K 1
ithread 89 15K 89
vmem 3 14K 4
bus-sc 30 14K 1431
KTRACE 100 13K 100
ifaddr 30 12K 32
kenv 95 12K 99
eventhandler 122 11K 122
pfs_nodes 20 10K 20
GEOM 60 10K 487
rman 82 10K 423
bmsafemap 2 9K 42
UART 12 9K 12
devstat 4 9K 4
rpc 2 8K 2
shmfd 1 8K 1
pfs_vncache 1 8K 1
audit_evclass 232 8K 290
CAM DEV 3 6K 510
vt 11 6K 11
cred 21 6K 234
sglist 5 6K 5
CAM queue 5 6K 1528
routetbl 28 5K 32
taskqueue 45 5K 45
ufs_dirhash 24 5K 24
plimit 17 5K 322
ifnet 3 5K 3
memdesc 1 4K 1
MCA 32 4K 32
CAM CCB 2 4K 1855
evdev 4 4K 4
filedesc 1 4K 1
UMA 235 4K 235
lltable 11 4K 11
hhook 13 4K 13
ether_multi 40 4K 45
in6_multi 25 3K 25
acpisem 22 3K 22
terminal 11 3K 11
kqueue 44 3K 774
session 20 3K 31
pgrp 20 3K 31
uidinfo 3 3K 8
local_apic 1 2K 1
io_apic 1 2K 1
ipsec-saq 2 2K 2
proc-args 39 2K 472
CAM XPT 22 2K 543
lockf 15 2K 22
indirdep 6 2K 9
select 12 2K 12
Unitno 25 2K 37
freefile 11 2K 22
acpidev 20 2K 20
msi 9 2K 9
softdep 1 1K 1
dirrem 4 1K 28
diradd 8 1K 37
ipsecpolicy 1 1K 1
sahead 1 1K 1
secasvar 1 1K 1
clone 8 1K 8
vnodemarker 2 1K 8
NFSD session 1 1K 1
CAM periph 4 1K 271
toponodes 6 1K 6
isadev 6 1K 6
mount 16 1K 86
pci_link 10 1K 10
ip6ndp 4 1K 5
sctp_ifa 5 1K 5
crypto 3 1K 3
newdirblk 4 1K 8
mkdir 4 1K 16
in_multi 2 1K 3
pfil 4 1K 4
chacha20random 1 1K 1
CAM SIM 2 1K 2
epoch 4 1K 4
cdev 2 1K 2
encap_export_host 8 1K 8
osd 3 1K 9
mld 2 1K 2
sctp_ifn 2 1K 2
igmp 2 1K 2
vnodes 1 1K 1
NFSD lckfile 1 1K 1
NFSD V4client 1 1K 1
DEVFS 9 1K 10
feeder 7 1K 7
inpcbpolicy 6 1K 129
loginclass 3 1K 7
CAM dev queue 2 1K 2
CAM I/O Scheduler 1 1K 1
apmdev 1 1K 1
atkbddev 2 1K 2
CAM path 4 1K 1034
pmchooks 1 1K 1
prison 4 1K 4
DEVFSP 2 1K 2
soname 4 1K 5740
filecaps 4 1K 66
tun 3 1K 3
nexusdev 5 1K 5
entropy 2 1K 35
tcpfunc 1 1K 1
sctp_vrf 1 1K 1
vnet 1 1K 1
acpiintr 1 1K 1
pmc 1 1K 1
cpus 2 1K 2
freework 1 1K 26
savedino 0 0K 14
sentinel 0 0K 0
jfsync 0 0K 0
jtrunc 0 0K 0
sbdep 0 0K 3
jsegdep 0 0K 0
jseg 0 0K 0
jfreefrag 0 0K 0
jfreeblk 0 0K 0
jnewblk 0 0K 0
jmvref 0 0K 0
jremref 0 0K 0
jaddref 0 0K 0
freedep 0 0K 0
freeblks 0 0K 25
freefrag 0 0K 7
allocindir 0 0K 0
allocdirect 0 0K 0
ufs_trim 0 0K 0
mactemp 0 0K 0
audit_trigger 0 0K 0
audit_pipe_presel 0 0K 0
audit_pipeent 0 0K 0
audit_pipe 0 0K 0
audit_evname 0 0K 0
audit_bsm 0 0K 0
audit_gidset 0 0K 0
audit_text 0 0K 0
audit_path 0 0K 0
audit_data 0 0K 0
audit_cred 0 0K 0
xform 0 0K 0
NLM 0 0K 0
nfsclient_nlminfo 0 0K 0
nfsclient_lock 0 0K 0
NFS FHA 0 0K 0
ipsec-spdcache 0 0K 0
ipsec-reg 0 0K 0
ipsec-misc 0 0K 0
ipsecrequest 0 0K 0
ip6opt 0 0K 3
ip6_msource 0 0K 0
ip6_moptions 0 0K 0
in6_mfilter 0 0K 0
frag6 0 0K 0
tcplog 0 0K 0
LRO 0 0K 0
sctp_mcore 0 0K 0
sctp_socko 0 0K 0
sctp_iter 0 0K 3
sctp_mvrf 0 0K 0
sctp_timw 0 0K 0
sctp_cpal 0 0K 0
sctp_cmsg 0 0K 0
sctp_stre 0 0K 0
sctp_athi 0 0K 0
sctp_athm 0 0K 0
sctp_atky 0 0K 0
sctp_atcl 0 0K 0
sctp_a_it 0 0K 3
sctp_aadr 0 0K 0
sctp_stro 0 0K 0
sctp_stri 0 0K 0
sctp_map 0 0K 0
newreno data 0 0K 0
ip_msource 0 0K 0
ip_moptions 0 0K 0
in_mfilter 0 0K 0
ipid 0 0K 0
80211scan 0 0K 0
80211ratectl 0 0K 0
80211power 0 0K 0
80211nodeie 0 0K 0
80211node 0 0K 0
80211mesh_gt 0 0K 0
80211mesh_rt 0 0K 0
80211perr 0 0K 0
80211prep 0 0K 0
80211preq 0 0K 0
80211dfs 0 0K 0
80211crypto 0 0K 0
80211vap 0 0K 0
iflib 0 0K 0
vlan 0 0K 0
gif 0 0K 0
ifdescr 0 0K 0
zlib 0 0K 0
fadvise 0 0K 0
tiDeviceHandle_t * malloc 0 0K 0
statfs 0 0K 196
export_host 0 0K 0
cl_savebuf 0 0K 3
ag_portal_data_t malloc 0 0K 0
ag_device_t malloc 0 0K 0
STLock malloc 0 0K 0
CCB List 0 0K 0
sr_iov 0 0K 0
OCS 0 0K 0
OCS 0 0K 0
nvme 0 0K 0
nvd 0 0K 0
netmap 0 0K 0
mwldev 0 0K 0
MVS driver 0 0K 0
CAM ccb queue 0 0K 0
mrsasbuf 0 0K 0
mpt_user 0 0K 0
mps_user 0 0K 0
biobuf 0 0K 0
aios 0 0K 0
lio 0 0K 0
acl 0 0K 0
MPSSAS 0 0K 0
mbuf_tag 0 0K 25
accf 0 0K 0
pts 0 0K 0
iov 0 0K 12993
ioctlops 0 0K 85
Witness 0 0K 0
stack 0 0K 0
mps 0 0K 0
mpr_user 0 0K 0
MPRSAS 0 0K 0
mpr 0 0K 0
mfibuf 0 0K 0
md_sectors 0 0K 0
sbuf 0 0K 288
md_disk 0 0K 0
compressor 0 0K 0
malodev 0 0K 0
SWAP 0 0K 0
LED 0 0K 0
sysctltmp 0 0K 570
sysctl 0 0K 1
ekcd 0 0K 0
dumper 0 0K 0
sendfile 0 0K 0
rctl 0 0K 0
ix_sriov 0 0K 0
aacraidcam 0 0K 0
ix 0 0K 0
ipsbuf 0 0K 0
iirbuf 0 0K 0
cache 0 0K 0
aacraid_buf 0 0K 0
kcovinfo 0 0K 0
prison_racct 0 0K 0
Fail Points 0 0K 0
sigio 0 0K 1

Mark Johnston

Apr 11, 2020, 3:58:05 PM4/11/20
to syzbot, syzkaller-f...@googlegroups.com
#syz dup: panic: allocdirect_merge: old blkno 9384 != new 9384 || old size 4096 != new NUM