syzbot


panic: ffs_blkfree_cg: freeing free block (2)

Status: fixed on 2019/07/30 03:29
Reported-by: syzbot+cc052223614c27bb3f53@syzkaller.appspotmail.com
Fix commit: 577fca0e204d Lock the vnode before calling ufs_bmap_seekdata().
First crash: 1377d, last: 1357d
similar bugs (1):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| freebsd | panic: ffs_blkfree_cg: freeing free block | C | | | 5 | 1421d | 1421d | 1/2 | fixed on 2019/04/29 23:55 |

Sample crash report:
panic: ffs_blkfree_cg: freeing free block
cpuid = 0
time = 1558390788
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0024aa3fe0
vpanic() at vpanic+0x1e0/frame 0xfffffe0024aa4040
panic() at panic+0x43/frame 0xfffffe0024aa40a0
ffs_blkfree_cg() at ffs_blkfree_cg+0x6e9/frame 0xfffffe0024aa4160
ffs_blkfree() at ffs_blkfree+0x15e/frame 0xfffffe0024aa41e0
ffs_indirtrunc() at ffs_indirtrunc+0x724/frame 0xfffffe0024aa42e0
ffs_indirtrunc() at ffs_indirtrunc+0x68e/frame 0xfffffe0024aa43c0
ffs_indirtrunc() at ffs_indirtrunc+0x68e/frame 0xfffffe0024aa44a0
ffs_truncate() at ffs_truncate+0x17c3/frame 0xfffffe0024aa4690
ufs_setattr() at ufs_setattr+0x918/frame 0xfffffe0024aa4730
VOP_SETATTR_APV() at VOP_SETATTR_APV+0xc2/frame 0xfffffe0024aa4760
kern_truncate() at kern_truncate+0x289/frame 0xfffffe0024aa4980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe0024aa4ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0024aa4ab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x41309a, rsp = 0x7fffdfffdf38, rbp = 0x2 ---
KDB: enter: panic
[ thread pid 2392 tid 100205 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (2):
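| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-freebsd-main | 2019/05/20 22:19 | freebsd | e2abb7b27ea6 | 40046286 | | console log | report | | | | | |
| ci-freebsd-main | 2019/04/30 12:15 | freebsd | 8d42a256bc31 | 20f16bef | | console log | report | | | | | |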
* Struck through repros no longer work on HEAD.